Identity Verification Protocol Template for Geraldton Estate Lawyers: A Documented Process for Verifying Clients Before You Take Will Instructions

A new client books a will-drafting appointment in your Geraldton office. They send through a driver’s licence scan and a Medicare card by email, the appointment is by phone because they’re working out of Karratha, and they want the will executed urgently because they’re flying overseas next week. Your paralegal needs to know — today, not after a regulator audit — whether the identity evidence on file is enough, what to retain, and how to document the decision if it later turns out the “client” was someone impersonating a real person whose identity was stolen.

Why it matters now

The Privacy Act 1988 (Cth) regulates how Australian organisations handle personal information, including the identity documents estate lawyers routinely collect from will-making clients. The Office of the Australian Information Commissioner (OAIC) administers the Act and its 13 Australian Privacy Principles (APPs), which set out obligations covering collection, use, storage, and disclosure of personal information by APP entities. Estate planning files concentrate exactly the categories of personal information — full legal name, date of birth, address history, identifier documents, asset disclosures, and family relationships — that are most useful to an identity thief, and a stolen identity used to procure a fraudulent will is materially harder to unwind than a stolen credit card. Geraldton firms taking instructions remotely across the Mid West and Gascoyne face the structural problem of verifying clients they have never met in person, which the Privacy Act does not solve for them but does hold them accountable for handling.

The 5-minute view

• The Privacy Act 1988 (Cth) applies to organisations with an annual turnover of more than $3 million, and to some smaller organisations, as set out by the OAIC at https://www.oaic.gov.au/
• The Act contains 13 Australian Privacy Principles (APPs), covering open and transparent management of personal information, collection limits, use and disclosure, data quality, and data security
• APP 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure
• The Notifiable Data Breaches scheme, administered by the OAIC, requires eligible data breaches involving personal information to be notified to the Commissioner and affected individuals
• Estate planning files typically contain a full identity dossier (name, DOB, address, identifier documents, asset position) — the same combination required to open accounts or transfer property in the client’s name
• A documented identity verification protocol — applied consistently and recorded on file — produces the evidentiary record needed to demonstrate “reasonable steps” if a file is later challenged
• The Australian Cyber Security Centre publishes general guidance on identity-theft threats and verification practices at https://www.cyber.gov.au/

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable: a documented, ready-to-adopt verification process that an estate planning practice can drop into its client onboarding workflow without a discovery call. It covers the in-person, video, and remote scenarios most relevant to a regional WA practice serving clients across the Mid West, sets out the document categories to sight and retain (and which to sight-and-discard), defines a points-based threshold for proceeding versus escalating, and provides the file-note language that records the verification decision on the matter file. The template is aligned to the structure of APP 1 (open and transparent management) and APP 11 (security of personal information) as published by the OAIC, and is designed for a sole practitioner or small-firm paralegal team to operate without additional software.

The deliverable

• PDF protocol template (approximately 20 pages) covering in-person, video, and remote identity verification scenarios
• Points-based verification matrix with documented thresholds for “proceed,” “escalate,” and “decline”
• File-note templates with pre-drafted wording for recording the verification decision
• Document handling appendix covering what to retain, what to redact, and what to discard, with reference to APP 11
• Recorded walkthrough (approximately 25 minutes) explaining how to embed the protocol into an existing client-intake workflow
• Delivered via email within 1 business day of payment

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-purchase productised template. No discovery call required. Suitable for sole practitioners and small estate-planning teams in Geraldton and the wider Mid West who want a documented verification process they can adopt this week.

For firms wanting the protocol implemented and audited against their existing matter management system, the L3 consultative engagement is available separately.

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner — homepage and regulator entry point: https://www.oaic.gov.au/
3. Australian Cyber Security Centre — general guidance on identity-theft threats: https://www.cyber.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 productised service shape)
• Source material: DRMO service catalogue, L1 deliverables register