Identity Verification Protocol Template for Melbourne Estate Planning Lawyers: A Defensible Client ID Workflow Under the Privacy Act

You’re drafting a will for a new client referred by an existing one. You’ve never met them in person. The instructions arrive by email, the file is high-value, and the only ID you’ve sighted is a driver’s licence scan. If that client isn’t who they say they are — or if their identity has been stolen and is being used to redirect estate assets — your file becomes the front door to a fraud, and your handling of their personal information becomes a Privacy Act question. This template gives you a documented identity verification workflow you can apply to every new estate matter.

Why it matters now

The Privacy Act 1988 (Cth) regulates how organisations with an annual turnover of more than $3 million — and some smaller organisations — collect, hold, use, and disclose personal information, under the 13 Australian Privacy Principles (APPs), as set out by the Office of the Australian Information Commissioner. Estate planning files are dense with the exact data classes that identity thieves seek: full legal names, dates of birth, addresses, identity document numbers, beneficiary details, and asset schedules. The OAIC also administers the Notifiable Data Breaches scheme, under which APP entities must assess and, where required, notify eligible data breaches involving personal information. A weak or undocumented client identification step at file opening is both a fraud risk (the wrong person gives you instructions) and a privacy risk (you collect and retain identity documents without a defensible process for how they are handled).

The 5-minute view

• The Privacy Act 1988 (Cth) applies to organisations with annual turnover above $3 million and to some smaller organisations, as administered by the OAIC.
• The 13 Australian Privacy Principles govern collection, use, disclosure, storage, and access to personal information held by APP entities.
• Estate planning files routinely contain a dense bundle of identity attributes that are attractive to identity-theft actors.
• Identity-theft scenarios on estate files include impersonation of a new client, impersonation of a beneficiary, and redirection of instructions on an existing file.
• A documented identity verification protocol creates an evidence trail showing the firm took reasonable steps to confirm who it was dealing with at file opening and at instruction-change points.
• Documenting the protocol also supports APP 1 (open and transparent management of personal information) and APP 11 (security of personal information) obligations referenced in OAIC guidance.
• This is an operational template, not legal advice — it gives your firm a workflow to apply, not a legal opinion on your specific obligations.

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable from the DRMO service catalogue. It is a fixed-scope PDF template plus a written walkthrough that you adapt to your firm’s matter-opening process. The template covers: a tiered verification matrix (in-person, video, document-only) keyed to estate-matter risk indicators; a checklist of identity attributes to capture and cross-check; a documentation log so each verification step is recorded against the matter file; a script for the out-of-band confirmation call to a known number; and a re-verification trigger list for events such as a change of payment instructions, a new beneficiary nomination, or a request to change the executor. The walkthrough explains how each step maps to operational considerations under the Australian Privacy Principles published by the OAIC. The template is delivered as an editable PDF you can integrate into your file-opening pack.

The deliverable

• PDF template — Identity Verification Protocol for Estate Planning Matters (approximately 12 pages)
• Tiered verification matrix (low / standard / elevated risk) with decision criteria
• File-opening identity checklist and documentation log
• Out-of-band verification call script
• Re-verification trigger list for mid-matter instruction changes
• Written walkthrough explaining how to integrate the template into your existing matter-opening workflow
• Delivered via email within 1 business day of payment

CTA

Get the Identity Verification Protocol Template — AUD $149

A productised, self-serve template. No discovery call required. Suitable for estate planning practices in Victoria that want a documented, defensible client identification workflow for new and existing matters.

For ongoing operational support across privacy, identity, and instruction-change risk on the broader estate practice, see the DRMO Retainer (consultative; book a discovery call).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner — general guidance on the Australian Privacy Principles and the Notifiable Data Breaches scheme is published at the OAIC’s website: https://www.oaic.gov.au/
3. Federal Register of Legislation — Privacy Act 1988 (Cth) is the underlying statute, available at https://www.legislation.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised deliverable)