Client Identity Verification Template for Bunbury Estate Lawyers: A Privacy Act-Aligned Protocol for High-Value Estate Files

A new client engages you to draft a will and an enduring power of attorney. You meet them once in your Bunbury office, take a photocopy of a driver’s licence, and open the file. Six months later, the executor calls: the “client” was not the person they claimed to be, and the estate has been re-routed. Most regional estate practices do not have a written identity verification protocol that survives a Privacy Act complaint or an internal file audit. This template gives you one.

Why it matters now

The Privacy Act 1988 (Cth) regulates how organisations with annual turnover over $3 million — and certain other organisations — handle personal information, and includes 13 Australian Privacy Principles (APPs) administered by the Office of the Australian Information Commissioner. Estate planning files concentrate exactly the data class that identity-theft offenders target: full name, date of birth, address history, signature specimens, beneficiary relationships, and copies of government-issued identity documents. The OAIC also administers the Notifiable Data Breaches scheme, which requires eligible data breaches involving likely serious harm to be reported. A written, file-level identity verification protocol is the operational control that supports APP 11 (security of personal information) and reduces the likelihood that a fraudulent instruction reaches will execution or asset transfer stages.

The 5-minute view

• The Privacy Act 1988 (Cth) is administered by the OAIC and contains 13 Australian Privacy Principles applicable to APP entities
• APP 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure
• The Notifiable Data Breaches scheme, administered by the OAIC, requires notification of eligible data breaches likely to result in serious harm
• Estate planning files are a high-value target for identity-theft offenders because they aggregate identity documents, asset records, and beneficiary relationships in a single dossier
• A written verification protocol — applied consistently to every new estate client — produces the file evidence regulators expect when an incident is reviewed
• Common weak points in regional practice files include single-source identity (driver’s licence only), no second-channel verification, photocopied (not certified) ID, and no record of who verified the client or when
• The template applies whether your firm sits under the $3 million APP threshold or above it: the same operational discipline is needed to defend any future complaint to the OAIC or the Legal Practice Board

What DRMO does about it

The Identity Verification Protocol Template is an L1 productised deliverable: a written protocol you adopt into your estate planning intake process, not a consulting engagement. It is built around APP 11’s “reasonable steps” framing and the document-handling pattern that estate files demand. The template covers the verification step itself (which documents, how many channels, what to retain), the file-record step (what evidence to keep on the matter file, in what form, for how long), and the escalation step (what to do when a document, instruction, or signature pattern fails verification). It is delivered as a PDF template with a written walkthrough so a sole practitioner or a small Bunbury firm can adopt it without an external trainer.

This template is the L1 entry point into DRMO’s estate-file protection workstream. Firms that need protocol design across multiple matter types or a documented APP-aligned privacy program engage the L3 Privacy Operations consult.

The deliverable

• PDF Identity Verification Protocol Template (approx. 12 pages), fillable with your firm name and matter file references
• Written walkthrough explaining each step, what evidence the step produces, and which APP it supports
• File-record checklist for matter file inclusion
• Escalation flowchart for failed verifications
• Suggested retention schedule consistent with the OAIC’s general guidance on personal information handling
• Delivered via email within 1 business day of payment

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-firm licence, productised. No discovery call required. Suitable for sole practitioners and small estate practices in Bunbury and the South West region adopting a written intake protocol for the first time, or replacing an undocumented practice.

For firms needing a documented APP-aligned privacy program across multiple service lines, the L3 Privacy Operations consult is available as a separate engagement (book a discovery call).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act overview: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner — general guidance on the Australian Privacy Principles and the Notifiable Data Breaches scheme, published at the OAIC website: https://www.oaic.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, surface area matrix entry)
• Privacy Operations consult (L3 escalation path)