Identity Verification Protocol Template for Perth Estate Planning Lawyers: A Privacy Act-Aligned Client ID Workflow

A new client walks into your Perth estate practice wanting a will drafted, an enduring power of attorney signed, and a testamentary trust structured around a family home in Cottesloe. You have never met them. The driver’s licence they email you looks fine. Six months later, the “client” is someone else entirely, the real person is on a flight from London asking why their property has been encumbered, and you are explaining to the OAIC how you collected and verified the identifying information on file. The Identity Verification Protocol Template gives your practice a documented, repeatable client-onboarding workflow you can apply on every new estate matter.

Why it matters now

The Privacy Act 1988 (Cth) governs how organisations handle personal information in Australia, including the identifying documents estate practices routinely collect during onboarding. The Office of the Australian Information Commissioner administers the Act, which incorporates the 13 Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme. Estate practices sit on a particularly attractive target set — full name, date of birth, address history, identity documents, asset schedules, beneficiary details — and the loss of that combination through a fraudulent client engagement can produce both an APP-1 governance failure and a notifiable data breach in the same incident. The Australian Cyber Security Centre publishes general guidance on identity-theft threat patterns at https://www.cyber.gov.au/, and ACCC ScamWatch tracks identity-theft and impersonation scam reports at https://www.scamwatch.gov.au/.

The 5-minute view

• The Privacy Act 1988 applies to private-sector organisations with an annual turnover of more than $3 million, and to some smaller organisations, per the OAIC’s published scope of the Act
• Australian Privacy Principle 1 requires APP entities to take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs — a documented identity-verification protocol is one such practice
• Australian Privacy Principle 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure
• The Notifiable Data Breaches scheme requires notification to the OAIC and to affected individuals where an eligible data breach involves a likely risk of serious harm
• Estate-planning onboarding typically collects a high-sensitivity bundle (identity documents, asset position, family structure, beneficiary contact data) that materially increases the “serious harm” threshold of any later breach
• Identity-theft impersonation at onboarding is structurally hard to detect after the fact: the practice usually has no prior baseline against which to compare the new “client”
• A written verification protocol, applied consistently, is the evidentiary artefact that lets the practice demonstrate APP 1 and APP 11 reasonable steps to the OAIC if challenged

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 artefact: a pre-built PDF protocol plus a written walkthrough you can adopt into your estate practice’s onboarding manual within a day. It defines a structured client-verification sequence covering (a) the identifying documents to request and the order to request them, (b) the document-authenticity checks aligned to publicly available government issuer guidance, (c) the out-of-band verification step required before a will, EPA or trust document is executed, (d) the file-note format that records what was checked, by whom, and on what date, and (e) the Privacy Act-aligned collection notice and consent wording for the client onboarding pack. The template is generic across Australian estate practices but the walkthrough is annotated for the Western Australian context (Landgate-issued documents, WA driver’s licence format, Law Society of WA professional conduct expectations).

This is not legal advice. The template is operational support for the practice’s own compliance posture under the Privacy Act and is intended to be reviewed by the principal solicitor before adoption.

The deliverable

• One PDF template (approximately 20 pages): the Identity Verification Protocol, ready to brand and adopt into your onboarding manual
• One PDF walkthrough (approximately 8 pages): how to apply each step, how to record the file note, and how the steps map to APP 1 and APP 11
• A one-page collection notice template aligned to APP 5 notification requirements for inclusion in your client engagement pack
• A verification checklist (printable, one page) for the file
• Delivered via email within 1 business day of payment
• Free minor-revision update if the template’s referenced OAIC guidance changes within 12 months of purchase

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-purchase productised offer. No discovery call required. Suitable for any sole-practitioner or small estate-planning practice that wants a documented, defensible client-onboarding protocol in place this week.

For practices that want the protocol embedded into a wider privacy-and-risk operating model, the DRMO Retainer is a consultative engagement (book a discovery call).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (domain root, general privacy and NDB guidance): https://www.oaic.gov.au/
3. Australian Cyber Security Centre (domain root, identity-theft threat guidance): https://www.cyber.gov.au/
4. Australian Competition and Consumer Commission — ScamWatch (domain root, identity-theft scam reporting): https://www.scamwatch.gov.au/
5. Law Society of Western Australia (domain root, professional conduct context): https://www.lawsocietywa.asn.au/
6. Landgate, Western Australia (domain root, WA land-records issuer context): https://www0.landgate.wa.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised)
• Privacy Act onboarding workflow component of the DRMO Estate Practice Shield package