Identity Verification Protocol Template for Sydney Estate Lawyers: A Documented Client-ID Process Aligned to the Privacy Act

You take instructions from a new client to draft a will or administer an estate. They send a driver’s licence photo by email, you have one phone call, and the file moves forward. Months later, a beneficiary disputes the deceased’s signature, or the “client” turns out to have been impersonating an elderly relative. Your file shows a licence scan and a file note — and not much else to demonstrate how you verified the person was who they said they were. The Identity Verification Protocol Template gives your firm a documented, repeatable client-ID process you can apply to every estate matter and produce on demand.

Why it matters now

The Privacy Act 1988 (Cth) regulates how Australian organisations with an annual turnover of more than $3 million — and some smaller organisations — handle personal information, and is administered by the Office of the Australian Information Commissioner. The Act incorporates 13 Australian Privacy Principles that govern collection, use, storage, and disclosure of personal information, and the Notifiable Data Breaches scheme requires APP entities to notify affected individuals and the OAIC of eligible data breaches. Estate files concentrate exactly the data set an identity-theft actor wants: full name, date of birth, address history, signature exemplars, Medicare and licence numbers, beneficiary details, and asset schedules. A documented identity-verification protocol is the operational backbone that lets a small or mid-sized estate practice demonstrate that personal information was collected, verified, and held in line with APP obligations — and it is the first artefact a regulator or insurer will ask for after a suspected impersonation.

The 5-minute view

• The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles regulate how APP entities collect and handle personal information, including client-identifying data held on estate files
• The Notifiable Data Breaches scheme, administered by the OAIC, requires eligible data breaches involving personal information to be notified to affected individuals and the Commissioner
• Estate-planning files aggregate high-value identity data (DOB, address, signature, Medicare, licence, asset schedules) in a single matter folder — a structurally attractive target for identity-theft actors
• Verification by emailed licence image alone is widely treated as a weak control: there is no liveness check, no document-authenticity test, and no audit trail tying the document to the person sitting in front of you
• A documented protocol — what you collect, how you verify it, who reviews it, and how the record is retained — is the evidence base your firm can produce if a matter is later challenged
• The OAIC publishes guidance for APP entities on personal-information handling at https://www.oaic.gov.au/

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable from the DRMO service catalogue. It provides a fixed-scope PDF template your estate-planning practice can adopt, adapt to your matter intake workflow, and apply consistently across new client files. The template covers the verification steps to run for an in-person client, a remote client, and an attorney/executor acting under authority; the documents to collect and the authenticity checks to perform on each; the file-note format that records who verified what, when, and how; and the retention and access controls that align the verification record with Australian Privacy Principle obligations. A short written walkthrough explains how to embed the protocol into a typical estate intake, what to do when a step cannot be completed, and how the record supports a Notifiable Data Breaches response if the file is later compromised. This is operational support for Privacy Act obligations — not legal advice on Privacy Act interpretation.

The deliverable

• PDF template: Identity Verification Protocol for Estate Practices (approximately 12 pages)
• Three verification pathways covered: in-person client, remote client, third-party representative (executor/attorney)
• File-note template and retention-log template included as appendices
• Written walkthrough (PDF) explaining how to embed the protocol into matter intake
• Licensed for use within a single legal practice; adaptable to the firm’s letterhead and matter-management system
• Delivered via email within 1 business day of payment

CTA

Buy the Identity Verification Protocol Template — AUD $149

A single-purchase productised template. No discovery call required. Suitable for solo and small estate-planning practices in Sydney and across Australia that need a documented client-ID process aligned to the Privacy Act 1988 (Cth).

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (domain root, general guidance for APP entities and the Notifiable Data Breaches scheme): https://www.oaic.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 productised service shape, DRMO service catalogue)