Identity Verification Protocol Template for NSW Estate Planning Lawyers: A Documented VOI Process Aligned to the Privacy Act

You’re drafting a will for a client you’ve only met by video call. The instructions ask for a substantial beneficiary change and a new executor. Your file note says “verified driver’s licence on screen” — but if the testator’s identity is later challenged, or if your firm is the entry point for an impersonation attack, that file note is the only thing standing between you and a Privacy Act complaint, a Law Society notification, or a contested probate. This template gives your practice a written, repeatable identity verification protocol you can apply to every estate file.

Why it matters now

The Privacy Act 1988 (Cth) regulates how Australian organisations with an annual turnover above $3 million — and many smaller legal practices captured by exceptions — handle personal information, through the 13 Australian Privacy Principles. The Office of the Australian Information Commissioner administers the Act and the Notifiable Data Breaches scheme, under which “eligible data breaches” likely to result in serious harm must be notified to affected individuals and the Commissioner. Identity documents collected during estate instructions (driver’s licences, passports, Medicare cards) are exactly the data set targeted in impersonation fraud against elderly testators and in identity-theft attacks where a fraudster poses as a client to redirect estate assets. A documented verification protocol is the first piece of evidence a regulator or a court will ask for if the verification is later questioned.

The 5-minute view

• The Privacy Act 1988 (Cth) applies to APP entities including most legal practices above the turnover threshold, and to all practices handling tax file numbers or health information regardless of turnover (OAIC).
• Australian Privacy Principle 11 requires APP entities to take “reasonable steps” to protect personal information from misuse, interference, loss, and unauthorised access — a documented identity verification protocol is direct evidence of those reasonable steps.
• The Notifiable Data Breaches scheme requires notification to the OAIC and affected individuals where an eligible data breach is likely to result in serious harm.
• Remote instruction-taking (video call, email, courier-witnessed signing) increases the surface area for impersonation; without a written protocol, verification practice varies between solicitors in the same firm.
• The ACCC’s Scamwatch service tracks identity theft and impersonation as a top-loss category targeting older Australians, who form the bulk of estate-planning client books.
• A defensible verification protocol covers: documents accepted, the witnessing method, capacity flags, file-note wording, retention, and the escalation path when a document fails verification.
• This template is a one-off purchase — no consulting engagement, no discovery call — designed to be lifted into a firm’s practice manual the same day.

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable from the DRMO service catalogue. It is a written protocol drafted for an Australian estate-planning practice, mapping each step of client identity verification to the relevant APP obligation and to operational controls a small or mid-size firm can actually execute. The template is framework-aligned, not legal advice — it is an operational document your firm adopts and adapts, with the legal review remaining with your practice. It complements (and does not replace) the verification of identity requirements that apply under the Conveyancing Rules for land transactions; for estate work specifically, where no statutory VOI standard exists, this template gives your file the documented, repeatable practice the Privacy Act expects under APP 1 (“open and transparent management of personal information”) and APP 11.

The deliverable

• PDF identity verification protocol template (approx. 18 pages), drafted in plain English, ready to brand and adopt
• Per-step mapping to the relevant Australian Privacy Principle and the operational reason for each step
• File-note wording library: phrases your solicitors can paste into the matter file when verification is completed, deferred, or escalated
• Document acceptance matrix: which combinations of identity documents satisfy the protocol, by client channel (in-person, video, courier)
• Capacity and duress flag checklist for elderly-testator files
• Walkthrough document explaining how to roll the protocol out across a practice in one partner meeting
• Delivered via email within 1 business day of payment; one PDF, no recurring fee

CTA

Buy the Identity Verification Protocol Template — AUD $149

A one-off productised purchase. No discovery call required. The template is supplied as a working document; your firm reviews, adapts, and adopts it within your own practice management.

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (domain root, for the Australian Privacy Principles and the Notifiable Data Breaches scheme): https://www.oaic.gov.au/
3. Australian Competition and Consumer Commission — Scamwatch (identity theft and impersonation category, domain root): https://www.scamwatch.gov.au/
4. Federal Register of Legislation — Privacy Act 1988 (Cth), domain root: https://www.legislation.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 productised service shape, DRMO service catalogue)