Privacy Guide | April 12, 2026 | 8 min read

How to Protect Digital Privacy After a Loved One's Death

By Sarah Chen

Head of Privacy Research

When someone passes away, their digital life doesn't disappear with them. Online accounts, data broker profiles, and personal information remain active and searchable — creating a window for identity thieves who specifically target deceased individuals. Protecting a loved one's digital privacy after death is an important step that many families overlook during an already difficult time.

Why Deceased Individuals Are Targets for Identity Theft

"Ghosting" — stealing a dead person's identity — is a growing form of fraud. It works because deceased individuals can't monitor their own accounts, dispute charges, or respond to credit alerts. Key vulnerabilities include:

  • Obituary mining: Thieves extract full names, dates of birth, addresses, and maiden names from publicly posted obituaries.
  • Data broker profiles: People search sites and data brokers may continue listing a deceased person's information for years, including their address, phone number, and relatives.
  • SIM-swap attacks: If the deceased person's phone number remains active, scammers can use it to intercept verification codes and take over financial accounts.
  • Email hijacking: An unsecured email account can be used to reset passwords at banks, insurance companies, and other sensitive services.
  • Credit fraud: Scammers can open new accounts using the deceased person's Social Security number before credit bureaus are notified of the death.

Act Quickly on Financial Accounts

Identity thieves often move fast after a death, sometimes within days of an obituary being published. Securing financial accounts, freezing credit, and reporting the death to the SSA should be done as soon as possible — ideally within the first week.

Immediate Steps to Take

1. Report the Death to the Social Security Administration

Call the SSA at 800-772-1213 to report the death. This is the single most important first step — it triggers updates across federal systems and makes it harder for identity thieves to use the SSN for tax fraud, credit applications, or government benefit claims.

2. Obtain Multiple Certified Death Certificates

Request at least 10 certified copies of the death certificate. Banks, insurance companies, credit bureaus, and online platforms all require official documentation. Running out of copies will slow everything down.

3. Place a Deceased Alert With Credit Bureaus

Contact all three major credit bureaus to report the death and request a deceased alert on the credit file:

  • Equifax: 800-525-6285
  • Experian: 888-397-3742
  • TransUnion: 800-680-7289

This flags the credit file and prevents new accounts from being opened. Monitor the deceased person's credit reports for at least 12 months after death.

4. Secure the Phone Number

Contact the deceased person's mobile carrier to either cancel the line or transfer it to a trusted family member. An active phone number in no one's control is a prime target for SIM-swap attacks that can be used to bypass two-factor authentication on financial accounts.

Closing or Memorializing Online Accounts

Each major platform has its own process for handling deceased users' accounts:

  • Facebook/Meta: You can request memorialization (which preserves the profile with a "Remembering" banner) or submit a request to have the account permanently deleted. Both options require proof of death.
  • Google: If the deceased set up an Inactive Account Manager, it will automatically notify designated contacts after a period of inactivity. Otherwise, you can submit a request through Google's deceased user process.
  • Apple: Apple's Legacy Contact feature allows designated individuals to access iCloud data. Without it, you'll need to go through Apple's Digital Legacy process with a death certificate and court order.
  • Instagram: Similar to Facebook — you can request memorialization or removal through Meta's help center.
  • Email providers: Close or secure email accounts as quickly as possible. An active email account is the master key to resetting passwords on almost every other online service.

Also cancel any active subscriptions, streaming services, and recurring payments to prevent ongoing charges.

Set Up Legacy Tools Now — While You Can

Google's Inactive Account Manager, Apple's Legacy Contact, and Facebook's Legacy Contact all allow you to designate someone to manage your accounts after death. Setting these up takes less than 5 minutes and prevents significant complications for your loved ones later.

Removing a Deceased Person From Data Brokers

Data broker and people search sites don't automatically remove profiles when someone dies. The deceased person's name, address, phone number, and personal details can remain publicly searchable for years — providing a convenient starting point for identity thieves.

Removing a deceased person from data brokers involves the same opt-out process as removing a living person: visiting each broker's opt-out page and submitting removal requests one at a time. With over 100 major data broker sites, this manual process can take dozens of hours.

PrivacyOn can handle this on behalf of families. We monitor over 100 data broker sites and submit removal requests automatically. For families dealing with the aftermath of a loss, automating this process removes one significant burden during an already overwhelming time.

Legal Considerations

The RUFADAA Framework

Most states have adopted the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), which establishes a clear priority system for managing a deceased person's digital accounts:

  1. Platform tools set by the deceased: Legacy contact designations and inactive account settings take top priority.
  2. Estate documents: Instructions in a will or trust about digital assets.
  3. Terms of service defaults: If neither of the above exists, the platform's default terms of service apply.

Important Legal Notes

  • Don't put passwords in a will: Wills become public records during probate. Instead, use a password manager or sealed document with the estate attorney.
  • Explicitly name a digital executor: Designate someone in your estate documents who has authority over your digital assets. This is different from a general executor.
  • The Stored Communications Act: Federal law can block access to digital accounts even for legal executors without proper advance planning. Platform-specific legacy tools override this in most cases.

Protecting Privacy in the Obituary

Obituaries are a primary source of information for identity thieves. When writing an obituary, avoid including:

  • Exact date of birth (year is especially risky)
  • Home address or specific location
  • Mother's maiden name
  • Names of other family members with enough detail to answer security questions

You can honor your loved one's memory without providing the exact details that scammers need to impersonate them.

Taking Action

Losing someone is hard enough without worrying about digital security. But taking these steps — reporting to the SSA, freezing credit, securing accounts, and removing data broker profiles — can prevent the additional pain of having a loved one's identity stolen after they're gone.

If the process feels overwhelming, PrivacyOn can handle the data broker removal piece automatically, giving you one less thing to manage during an incredibly difficult time.

Sarah Chen

Head of Privacy Research

CIPP/US Certified, IAPP Member, B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
