Identity Verification Protocol Template for Fremantle Estate Lawyers: A Client-ID Process Aligned to the Privacy Act

A new client emails your Fremantle practice asking you to draft a will and update beneficiary details on a self-managed super fund. The documents they send look right. Their voice on the phone sounds plausible. But you have never met them in person, and the identity documents arrived as PDFs through a free email account. If the person on the other end is not who they say they are, your file becomes the vehicle for an identity-theft fraud against a real estate. This template gives your practice a defensible, repeatable identity-verification process before instructions are accepted.

Why it matters now

Estate planning files are an attractive target for identity-driven fraud because they sit at the intersection of high-value assets, vulnerable clients, and irreversible instructions. Australian legal practices handling personal information are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles, which the Office of the Australian Information Commissioner administers and which apply to organisations with annual turnover above the threshold the OAIC sets out. APP 11 requires reasonable steps to protect personal information from misuse and unauthorised access, and the Notifiable Data Breaches scheme requires eligible breaches to be reported to the OAIC and affected individuals. A weak or inconsistent identity-verification process at intake is a direct risk vector for both an APP 11 failure and a notifiable breach.

The 5-minute view

• The Privacy Act 1988 (Cth) is administered by the Office of the Australian Information Commissioner and contains 13 Australian Privacy Principles applying to “APP entities”
• APP 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure
• The Notifiable Data Breaches scheme requires eligible data breaches to be notified to the OAIC and to affected individuals
• Identity theft targeting estate files commonly uses a combination of plausible documents, free email accounts, and pressure to execute quickly before in-person verification can occur
• Out-of-band verification — confirming identity through a channel separate from the original instruction — is a baseline control recommended by the Australian Cyber Security Centre, which publishes general guidance at https://www.cyber.gov.au/
• A documented verification protocol provides evidence of “reasonable steps” if a complaint is later made to the OAIC or AFCA
• Estate lawyers in WA also operate alongside trust account and AML obligations, making a single consistent intake protocol operationally efficient

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 artefact: a PDF protocol and walkthrough designed for an estate planning practice to adopt as its intake control for new clients and for instructions on existing files that materially change beneficiaries, executors, or asset disposition. It defines the document set required, the order of verification steps, the out-of-band confirmation script, the escalation path when documents fail verification, and the file-note format that records what was checked and by whom. The template is written to support compliance with APP 11 by documenting “reasonable steps” taken at intake. It is operational support — not legal advice — and is intended to sit alongside the practice’s own professional-conduct obligations under the Legal Profession Uniform Law and Law Society of Western Australia guidance.

The deliverable

• PDF Identity Verification Protocol Template (approximately 12 pages) covering new-client intake and high-risk instruction changes
• Walkthrough document explaining how to deploy the protocol inside an existing matter-management workflow
• Verification checklist in a printable one-page format for use on each file
• Out-of-band confirmation call script and file-note template
• Escalation pathway for documents that fail verification
• Delivered via email within 1 business day of payment

CTA

Buy the Identity Verification Protocol Template — AUD $149

A self-serve productised template. No discovery call required. Adoption is at the discretion of the practice, and the template does not substitute for legal advice on the firm’s professional-conduct or privacy obligations.

For tailored implementation across a multi-practitioner firm, see the DRMO consultative engagements (book a discovery call).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (domain root, for Australian Privacy Principles and Notifiable Data Breaches scheme guidance): https://www.oaic.gov.au/
3. Australian Cyber Security Centre (domain root, for general identity-fraud and out-of-band verification guidance): https://www.cyber.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised)