Identity Verification Protocol Template for Mandurah Estate Lawyers: A Privacy Act-Aligned Client ID Process

A new client walks in wanting to update their will and change the executor on their estate. You have never met them in person. They send a driver’s licence photo by email and ask whether you can act on a signed PDF authority before they fly out next week. Your team needs a documented, defensible process for verifying that this person is who they say they are — and for handling the ID documents in a way that does not become a Privacy Act problem for the firm.

Why it matters now

Estate planning files concentrate exactly the personal information that identity-theft actors want: full name, date of birth, address history, beneficiary details, asset registers, and copies of government-issued ID. The Privacy Act 1988 (Cth) regulates how organisations handle personal information through the 13 Australian Privacy Principles, and the Office of the Australian Information Commissioner administers both the Act and the Notifiable Data Breaches scheme. Many small-to-mid law firms sit at or near the $3 million annual turnover threshold that brings them within scope of the Act, and even firms below the threshold typically opt in or are caught by the health information and TFN provisions when handling estate matters. A documented identity verification protocol is the foundation for being able to demonstrate, after the fact, that the firm took reasonable steps to confirm a client’s identity before acting on instructions.

The 5-minute view

• The Privacy Act 1988 (Cth) is administered by the OAIC and contains 13 Australian Privacy Principles applying to “APP entities” (most Australian Government agencies and private-sector organisations with annual turnover above $3 million, plus some other organisations).
• The OAIC also administers the Notifiable Data Breaches scheme, which requires APP entities to notify affected individuals and the Commissioner of eligible data breaches.
• Estate planning files routinely contain the data set most useful to identity-theft actors: government-issued ID, date of birth, address, signature samples, and beneficiary details.
• A documented identity verification protocol gives the firm a repeatable process to apply consistently across new clients, remote clients, and instruction changes from existing clients.
• The protocol distinguishes between initial onboarding verification, ongoing verification on high-risk instructions (executor change, beneficiary change, large distribution), and verification of third parties claiming to act for the client.
• Storage and retention of ID documents is itself a Privacy Act question — APP 11 (security of personal information) and APP 11.2 (destruction or de-identification when no longer needed) both apply.
• This template is operational support for the firm’s Privacy Act obligations; it is not legal advice on the construction of the Act.

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable: a PDF template the firm can adopt, adapt, and operationalise without a consulting engagement. The template covers the verification steps for three client situations (in-person new client, remote new client, existing client issuing a high-risk instruction), the document set to capture for each, an APP 11-aligned approach to storage and retention of ID copies, and a per-file verification record sheet your team completes and retains on the matter file. A short walkthrough document explains how each section maps to the relevant Australian Privacy Principles so the firm can defend the design choice if questioned. The template is drawn from the same protocol that anchors the DRMO Estate File Shield consulting engagement, productised for self-serve adoption by firms that want the artefact without the engagement.

The deliverable

• PDF Identity Verification Protocol template (editable on receipt — supplied as PDF plus an editable Word version)
• Three workflow paths: in-person new client, remote new client, high-risk instruction from existing client
• Per-file verification record sheet for retention on the matter file
• APP-mapping walkthrough document explaining how each step supports APP 1, APP 6, APP 11, and APP 12 obligations
• Storage-and-retention guidance for ID document copies aligned to APP 11
• Delivered via email within 1 business day of payment

CTA

Get the Identity Verification Protocol Template — AUD $149

A single-purchase productised template. No discovery call required. Suitable for any Western Australian estate or wills-and-probate practice that wants a documented, Privacy Act-aligned client identity verification process in place across its files.

For implementation support across an existing matter book, see the DRMO Estate File Shield engagement (consultative).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (regulator domain root, for general guidance on the Australian Privacy Principles and the Notifiable Data Breaches scheme): https://www.oaic.gov.au/
3. Federal Register of Legislation — Privacy Act 1988 (Cth) (statute domain root): https://www.legislation.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape) — productised template, AUD $149.
• Estate File Shield (consulting engagement) — implementation support across an existing matter book.