CyberSecurity

Digital assets and your estate

Why planning ahead matters

For many New Zealanders, daily life is now as much online as it is offline. From internet banking and investment platforms to email accounts, social media, cloud storage and cryptocurrencies, our ‘digital footprint’ has become an important part of who we are and what we own.

Yet most wills and succession plans still focus solely on traditional assets such as property, shares and savings. Digital assets are often overlooked, leaving families and executors struggling to access information and take control of these assets when the will-maker dies.

 

What are digital assets?

Generally speaking, a digital asset is any item of value that is in an electronic or virtual form (rather than physical). These include:

  • Financial accounts – internet banking, investment platforms, PayPal or electronic wallets
  • Blockchain assets, non-fungible tokens (NFTs) or cryptocurrencies
  • Personal content such as photos, videos or documents
  • Social media accounts – Facebook, Instagram, X (formerly Twitter) or TikTok accounts, and
  • Business platforms – domain names, websites, email lists or digital records.

Some of these assets can hold significant financial value. Others may be priceless to family members wishing to preserve a loved one’s memories.

 

Planning ahead is important

Digital assets are protected by passwords, encryption and restrictive service agreements. Executors cannot simply assume control of online accounts and services without legal authority. This can cause significant problems:

  • Executors may be locked out of key accounts
  • Valuable assets can be lost if no one knows how to retrieve them — especially cryptocurrencies that are unrecoverable without a private key, and
  • Service providers may refuse access due to privacy or contractual limits.

The courts have recognised that certain digital property, such as cryptocurrencies, can be legally owned and held on trust.[1] However, ownership of many other online assets, such as social media accounts or cloud storage, is less certain, as users often hold only a licence, which may be non-transferable and could terminate on their death.

 

New Zealand’s legal grey area

New Zealand law has yet to fully catch up with the digital age. The Wills Act 2007 and Administration Act 1969 do not specifically address digital assets. Executors, therefore, must often rely on general property law, privacy regulations and the terms of individual service providers.

Some overseas jurisdictions, including several US states, now grant executors explicit rights to access digital assets after the will-maker’s death.

Until similar reform occurs here, careful planning remains the best protection to ensure digital assets can be accessed, managed and transferred according to the will-maker’s wishes.

What to do now

  • Make a digital inventory – list all your online accounts, platforms and digital property
  • Store login credentials securely – avoid including passwords in your will, as it becomes public after probate. Instead, store passwords securely using a password manager, encrypted file or a separate memorandum of wishes held safely with us
  • Appoint a digital executor or include specific instructions in your will – specify who can access, manage or close your digital assets
  • Address cryptocurrencies directly – record how and where private keys or hardware wallets are kept. Without them, digital currency is lost forever, and
  • Provide guidance for sentimental items – in your memorandum of wishes state whether you want social media accounts, photos and videos deleted, memorialised or handed to your family.

We are here to help

We can help your estate planning keep up with the digital world. This includes drafting appropriate will clauses, reviewing trust arrangements and guiding executors on accessing digital accounts. Many firms include digital-asset checklists to make the process easier, saving time, money and stress later.

The bottom line

Digital assets are no longer a niche concern — they are part of everyday life and should be part of estate planning. Including them in a carefully drafted will is the simplest way to protect your online legacy and ensure that both your physical and digital affairs are properly organised.

[1] Ruscoe v Cryptopia Ltd [2020] NZHC 728.

 

 

DISCLAIMER: All the information published in Fineprint is true and accurate to the best of the authors’ knowledge. It should not be a substitute for legal advice. No liability is assumed by the authors or publisher for losses suffered by any person or organisation relying directly or indirectly on this newsletter. Views expressed are those of individual authors, and do not necessarily reflect the view of Edmonds Judd. Articles appearing in Fineprint may be reproduced with prior approval from the editor and credit given to the source.
Copyright, NZ LAW Limited, 2025.     Editor: Adrienne Olsen.       E-mail: [email protected]     Ph: 029 286 3650


Using AI in your business

What to consider?

Artificial intelligence (AI) has developed from a futuristic concept to a mainstream tool used by many businesses on a daily basis. The exponential growth of AI in recent months and years is hard to miss, with various industries adopting the technology to streamline operations and boost productivity.

For business owners, the prevalence of AI presents both opportunities and challenges. AI can improve efficiency, generate new ideas and identify opportunities but, like many emerging technologies, it also comes with risks that should be carefully managed.

The Ministry of Business, Innovation and Employment recently released AI guidance entitled Responsible AI Guidance for Business to assist with the use and development of AI systems ethically, responsibly and effectively across all types of businesses. We outline some of the key risks and practical strategies discussed in the Guidance to proactively mitigate challenges before they arise.

 

Key risks

Bias: If an AI tool has been trained on biased data, it may produce biased results. When collecting data, AI systems may reflect patterns of your historical decision-making which can lead to inaccurate results.

If this data is then used to make business decisions, it may produce biased outcomes. An example of this is bias in personnel data. If an AI tool is trained on existing data held by your business to review job applications, it may produce results that reflect historical inequitable hiring trends, for example, by gender, race or age. This could create bias or, at worst, discrimination and human rights challenges.

Errors: Generative AI is also susceptible to inaccuracies and errors in results. In some cases, AI systems can generate what are often referred to as ‘hallucinations.’ These are outputs that appear credible but are in fact fabricated or entirely false. This happens when the system fills gaps in knowledge with plausible-sounding information, presenting it as fact. Such inaccuracies can create operational, reputational and legal risk.

The prevalence of these false or misleading outputs underlines the importance of maintaining human oversight over AI-based activities to ensure outputs are accurate. A business may be liable for the inaccurate output of AI tools. This could also include a situation where the output infringes third party intellectual property rights.

Using datasets that are accurate, compliant with regulations and transparent can help to reduce risks of inaccurate output. Accuracy is likely to improve over time as AI technology improves, and layers of audit, checks and balances are built into AI tools.

Privacy and cybersecurity: Many generative AI systems collect, store and use data inputs to train themselves and to generate future responses. This creates risks of privacy, confidentiality and cybersecurity breaches if data is input into systems that allow this. A breach of this nature is likely to have serious implications. Even in closed systems, data processing usually occurs on third-party platforms which could have vulnerabilities to data leaks or cyber-attacks.

Comprehensive reviews of AI tools, how they work practically, and their terms and conditions, should be undertaken. This will allow your business to have a clear understanding of the risks and make an informed decision as to whether use of the AI tool is compliant. Specific privacy impact assessments should also be undertaken.

AI tools, by their very nature, are very powerful at processing large volumes of data. This means they can often find data on systems which is otherwise inaccessible to a lay user. Role-based permissions should be set up, prior to AI tool implementation, to ensure that AI tools can only access data that is appropriate for that role. The Guidance recommends adopting data anonymisation, encryption and secure storage to help protect confidential and personal information.

In terms of business implementation, the Guidance suggests beginning AI rollout in low-risk areas and maintaining human oversight in relation to AI-related activities and output. When AI is involved with providing data to guide major decisions that may have significant or widespread impact on your business, having a human review aspect can avoid mistakes or unintended consequences.

 

Getting the foundations right

Purpose: The Guidance encourages businesses to start by considering their purpose for adopting AI. It is important to be clear from the outset about what you want to achieve with AI; this will help direct your integration strategy, and ensure that it aligns with your commercial goals, business values and legal responsibilities.

Establishing AI usage policies early on can help guide responsible AI use and prepare your business for the inevitable challenges that will arise. Policies will need to be regularly reviewed to deal with the fast pace of change in this area.

Legal compliance: When adopting or developing AI systems, your business must ensure compliance with all relevant statutory, regulatory and contractual obligations. Obligations will vary widely based on the industry and sector in which you operate, but will generally include privacy, intellectual property, consumer protection, confidentiality and contract law.

This means understanding how AI interacts with existing legislation and ensuring that AI use does not inadvertently breach obligations. You should proactively assess legal risks and ensure the roll-out of the AI tool complies. Policies can be implemented within your business to address any risk areas with staff and operations.

In some cases, changes to business practice may be required. For example, changes to terms of trade and privacy policies to seek permissions and/or to be clear where AI is to be used so customers or contracting parties are not inadvertently misled. In some cases, contractual variations may need to be sought for existing relationships. Documenting decisions is also helpful should there be any compliance challenges in the future.

Governance: Regardless of the size of your business, the Guidance recommends establishing a team with a diverse skill set in security, technology, privacy, legal compliance, AI education and stakeholder communications. This will help identify, manage and mitigate unintended risks associated with AI usage, as well as ensuring decisions about AI use are aligned with your organisation’s values and broader legal obligations. Such a team could create, implement and update any AI usage policies.

Risk management: AI can expose and amplify existing risks, so it is important that risk management practices are adopted early. It is vital to develop policies and protocols which provide for a structured approach to identify, assess, manage, record and review risk. These plans help ensure your business can respond quickly, minimise harm, and meet legal or contractual obligations if something goes wrong.

As part of this process, your business should also consider the potential impact on stakeholders such as staff, clients and shareholders. Meaningful engagement and stakeholder impact assessments can help inform the development of AI policies and reduce reputational and operational risks.

 

Conclusion

AI offers businesses significant opportunities to improve efficiency, generate insights and drive innovation. However, as highlighted in the Guidance, realising these benefits responsibly requires more than simply adopting the technology.

Engaging with the Guidance will assist you to reduce risk and align AI use in your business with ethical and legal expectations.

 

 
