Blog/Infosec 101/

What happens to data when you die?

Feb 08, 2021

It’s said that the internet never forgets. You can delete a photo or deactivate an account, but data is hard to remove completely. In fact, the information you keep on digital devices and in the cloud will probably outlive you. So what happens to your data when you die? How does post-mortem data management work? And do you still have a right to privacy after death?

What happens to your post-mortem data?

Data protection and privacy are challenging subjects at the best of times. While someone is alive, however, there will usually be some actions they can take to maintain control over their personal information online.

You can, for example, delete your social media accounts, or request that companies remove records related to you. To a greater or lesser extent, most social media and tech giants offer some degree of data control to their users.

That control vanishes when you die. Corporations can still store and access your data, and you no longer have any recourse to stop or challenge them. Companies like Google have no specifications as to how long they can keep your records, and they may hold multiple copies on backup servers. Even if someone asks them to delete the account of a deceased person, that may only remove one small part of their online presence.

How to avoid post-mortem data issues

If you're already a NordLocker user, you don't have to create a new Nord Account. The best way to deal with these problems, of course, is to take precautions before you die. While it may be impossible to predict when that will be, your choices today can later help your family and friends act on your behalf.

Follow these three steps to start improving your post-mortem data control.

  • Switch on Google's Inactive Account Manager. You can then add contact information for the people you’d like to be notified if your account is inactive for a long period of time. This means that, if you die, your relatives will be reminded to take action and have the account deleted.
  • On Facebook, you can appoint a “legacy contact”, who will be given access to the account after your death. This will make it easier for them to retrieve or remove your private data.
  • Write a will that includes “digital property”. You may want to give the executor of the will certain login information, to help them or loved ones access your accounts after your passing. We’ll go into more detail about digital property later.

Beyond these actionable steps, there are plenty of daily practices you can implement that will pay off later. Think carefully before sharing photos, videos, or personal information online. Consider setting boundaries on what kind of content you upload: no family photos, for example.

If you’re putting something out onto the internet, always be aware that it could stay there forever.

How to manage the account of a deceased person

Although it's often the last thing people want to do while in mourning, quickly taking control of a deceased person's online accounts could save you a lot of trouble later on.

An inaccessible social media account can be a painful reminder of a loved one's passing; the sooner you have accessed or removed it, the easier it will be to move on. Furthermore, managing the account may give mourners access to photos and messages that will offer some comfort during a difficult time.

Of course, there are practical security and privacy issues here as well.

  • Platforms like Google and Facebook could still use data from the deceased for marketing algorithms, or even to gather information on their friends and family.
  • The account of a deceased person could be hacked, allowing cybercriminals to ransack their data, view private messages, and even post publicly under their name.
  • Hackers could use the account to launch phishing attacks and social engineering scams on other people, essentially stealing the deceased's identity.

Act quickly to avoid unpleasant scenarios later on. To start securing or deleting someone's online accounts after their death, just follow these steps.

  • If you want the deceased's account data to be completely removed, it's best to contact the service provider directly. There's no guarantee that they will do as you ask, but even if you have access to the account yourself, deleting information manually may not remove it from the site's records.
  • You can close an account or, on Facebook and Instagram, have it "memorialized" (kept online, but with a clear marker showing that the account owner has died). In either case you will need to submit certain forms and proofs, including the person's death certificate.
  • If you need to retrieve data from a deceased person's account, you should be able to get access to their password information by contacting the service provider and presenting certification of the death. Make sure to do this before closing or memorizing the profile.

Get long-term privacy with NordLocker

When you put data on the internet — even through a private account — you risk losing control of it. After you die, you won't be able to decide who gets to see any personal information you left exposed online.

To keep data genuinely private, use a file encryption manager like NordLocker. The NordLocker app encrypts your files, ensuring that no one can view them without your permission. Companies like Facebook, Amazon, and Google may all offer various forms of online storage, but by using them you're putting yourself in the hands of corporations.

If your data can live forever, it's worth protecting.

Oliver Noble

Oliver Noble

Verified author

A nerd with a laser focus on all things cybersec. His own words. Oliver’s hobbies away from the computer include reading, Netflix, and testing the limits of yet another Raspberry Pi. To our surprise, this 130-pound ‘nerd’ also bakes a killer pumpkin pie.