Identity Verification Protocol Template for Brisbane Estate Planning Lawyers: A Documented Process for Verifying Clients Before Will and Estate Instructions

You take instructions from an elderly client over Zoom. The will is straightforward, the bequest substantial, and the file moves to drafting. Three months later, the “client” turns out to be a relative who impersonated them — credentials borrowed, ID scans repurposed, identity assumed. Most estate firms have no written identity-verification protocol mapped to the Privacy Act and no documented evidence of the steps the file-handler took before accepting instructions. This template is that protocol.

Why it matters now

The Privacy Act 1988 (Cth) regulates how organisations with an annual turnover above the threshold handle personal information, and the Office of the Australian Information Commissioner (OAIC) administers the 13 Australian Privacy Principles (APPs) that govern collection, use, security, and disclosure of personal information. The OAIC also operates the Notifiable Data Breaches scheme, which applies when personal information held by an APP entity is subject to unauthorised access or disclosure likely to result in serious harm. Estate planning files concentrate exactly the data set identity thieves want — full name, date of birth, address history, signature samples, government ID, asset summaries, and beneficiary details — which makes the verification step at intake a structurally important control. A documented protocol matters as much as the protocol itself: when something goes wrong, the file note is the record.

The 5-minute view

• The Privacy Act 1988 (Cth) is administered by the OAIC and imposes obligations on APP entities for how personal information is collected, stored, and secured (OAIC, The Privacy Act).
• Australian Privacy Principles 1, 3, 5, 6, and 11 are the principles most directly engaged by client-identity verification at intake — collection, notification, use limitation, and security of personal information.
• Estate planning files are high-value identity-theft targets because they aggregate the full identity dataset alongside asset and beneficiary information.
• Remote intake (video, email, e-signature) increases the structural risk: the file-handler does not see the physical client or original ID.
• The Notifiable Data Breaches scheme, administered by the OAIC, requires APP entities to assess and, where applicable, notify breaches likely to result in serious harm.
• The Australian Cyber Security Centre publishes general guidance on identity verification and credential abuse at https://www.cyber.gov.au/.
• A written identity-verification protocol creates the contemporaneous file note that lets the firm demonstrate the steps actually taken — which is what matters under investigation.

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 offer designed for solo and small estate planning practices that need a defensible written process without commissioning a custom build. The template sets out a tiered verification approach (low / medium / high-risk intake), maps each step to the relevant Australian Privacy Principle obligation, and provides the file-note pro-forma a practitioner completes against each new client. It is delivered with a walkthrough document explaining how to integrate the protocol into existing intake workflows, how to handle remote-only intake, and what to record when a verification step fails or is escalated. This is operational support for documenting Privacy Act compliance — not legal advice on the Privacy Act itself.

The deliverable

• PDF template: Identity Verification Protocol, approximately 18 pages, customisable for firm name and intake channels
• Walkthrough document explaining each step, the rationale, and the APP mapping
• File-note pro-forma (Word and PDF) for per-client use
• Escalation matrix for failed or ambiguous verifications
• Delivered by email within 1 business day of payment
• One revision pass on firm-specific customisation included

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-purchase productised template. No discovery call required. Designed for Brisbane estate planning lawyers and small private-client practices that need a documented verification process mapped to the Privacy Act and APPs.

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (general regulator reference, including the Notifiable Data Breaches scheme and Australian Privacy Principles): https://www.oaic.gov.au/
3. Australian Cyber Security Centre (general guidance on identity and credential abuse): https://www.cyber.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape) — DRMO service catalogue
• Surface area matrix entry: estate-lawyers/brisbane/privacy-act-client-identity-theft