Identity Verification Protocol Template for Australian Estate Planning Lawyers: A Documented IDV Process Aligned to the Privacy Act
A new client emails to instruct you on a will and an enduring power of attorney. They’ve never walked into your office. They send a photo of a driver’s licence and ask whether the documents can be executed by post. You need a defensible identity verification process — one your paralegals can run, one you can produce to a regulator if a file is ever challenged, and one that handles the personal information collected without creating its own Privacy Act exposure. The Identity Verification Protocol Template is a single PDF you can adopt next week.
Why it matters now
The Privacy Act 1988 (Cth) governs how organisations handle personal information, and the Office of the Australian Information Commissioner (OAIC) administers the 13 Australian Privacy Principles (APPs) that apply to APP entities — Australian Government agencies and most private-sector organisations with annual turnover above $3 million, plus some smaller entities including health service providers. Estate planning practices routinely collect government identifiers (driver’s licence numbers, passport details, Medicare numbers) during client onboarding, and these documents are precisely the artefacts targeted in synthetic-identity and impersonation attacks against deceased estates and elderly clients. A documented identity verification protocol does two things at once: it reduces the probability of acting on a fraudulent instruction, and it generates an auditable record of how personal information was collected, used, stored and disposed of — which is the language the OAIC and the Notifiable Data Breaches scheme speak.
The 5-minute view
- The Privacy Act 1988 (Cth) is administered by the OAIC and contains 13 Australian Privacy Principles that apply to APP entities (oaic.gov.au).
- APP entities include private-sector organisations with annual turnover above $3 million; many estate practices fall inside this threshold once trust-account turnover is considered, and even small practices may be caught where they handle tax file numbers or health information.
- The APPs cover collection, use, disclosure, security, access, correction and disposal of personal information — every stage of a client identity file.
- The OAIC’s Notifiable Data Breaches scheme requires eligible data breaches involving personal information to be reported; an unauthorised disclosure of a client’s ID documents can be a notifiable event.
- Identity theft targeting estate matters typically exploits remote onboarding: documents sent by email, no in-person sighting, and no out-of-band confirmation that the person sending the ID is the person named on it.
- A documented IDV protocol — applied consistently across all new client files — is the single highest-leverage control a small estate practice can put in place.
- The template is framework-aligned (Privacy Act / APPs) but is operational guidance, not legal advice.
What DRMO does about it
The Identity Verification Protocol Template is a productised L1 deliverable from the DRMO service catalogue. It gives an estate planning practice a ready-to-adopt IDV procedure covering:
- the documents to collect for each client risk tier (in-person, remote-domestic, remote-overseas, executor-on-behalf-of-deceased-estate)
- the out-of-band verification steps that confirm the person matches the documents
- the staff script for handling instruction changes mid-matter
- the storage and retention rules for ID copies aligned to APP 11 (security of personal information) and APP 11.2 (destruction or de-identification)
- a one-page audit log your paralegal completes on every new file
The template is designed to be lifted into a small-firm operations manual with light tailoring. It is operational support for Privacy Act obligations — it is not legal advice and does not replace professional indemnity-related sign-off from your principal.
The deliverable
- PDF template (approximately 18–22 pages) covering the full IDV workflow, four client risk tiers, and a per-file audit log
- Written walkthrough document explaining how to adapt each section to your practice, including the personal information handling sections aligned to the APPs
- Editable checklist your paralegal or office manager can run on every new client file
- Reference list of the Privacy Act provisions and OAIC guidance the template aligns to
- Delivered by email within 1 business day of purchase
- One revision pass at 60 days if the OAIC publishes material guidance changes affecting the template’s framework references
Get the Identity Verification Protocol Template — AUD $149
A productised, self-serve template. No discovery call required. Suitable for sole practitioners and small estate-planning practices wanting a documented, framework-aligned IDV process in place before the next new-client intake.
Sources
- Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
- Office of the Australian Information Commissioner — general regulator site, including Australian Privacy Principles and the Notifiable Data Breaches scheme: https://www.oaic.gov.au/
- Federal Register of Legislation — Privacy Act 1988 (Cth): https://www.legislation.gov.au/
- Australian Cyber Security Centre — general guidance on identity-related cyber threats: https://www.cyber.gov.au/
DRMO capability references:
- Identity Verification Protocol Template (L1 productised service shape, DRMO service catalogue)