Identity Verification Protocol Template for Victorian Estate Planning Lawyers: A Defensible Client-ID Process Under the Privacy Act
A new client books a will-and-EPOA appointment by email. They send a driver licence photo, a Medicare card image, and a self-styled “signed authority” attached to a Gmail address. Your paralegal opens a matter. Three weeks later, a relative phones to say the person who instructed you is not who they claimed to be. The Identity Verification Protocol Template gives your firm a standing, documented process for verifying client identity at intake — so the file shows what you did, when, and against what evidence.
Why it matters now
Estate planning sits at a structurally high-value point for identity-theft attacks: a fraudulent will, EPOA, or estate distribution instruction can transfer significant assets with limited downstream reversal. The Privacy Act 1988 (Cth) applies to law firms with annual turnover above $3 million and to many smaller firms by virtue of handling health information or contracting to government. The Office of the Australian Information Commissioner (OAIC) administers the 13 Australian Privacy Principles (APPs), which govern how personal information, including identity documents, must be collected, secured, and disclosed. The Notifiable Data Breaches scheme also requires APP entities to assess and notify eligible breaches of personal information. A documented identity verification protocol is the operational evidence that the firm collected only what was necessary (APP 3), secured it (APP 11), and can demonstrate the process if challenged by a regulator, a beneficiary, or a court.
The 5-minute view
- The Privacy Act 1988 (Cth) is administered by the OAIC and includes 13 Australian Privacy Principles applying to “APP entities” — generally organisations with annual turnover above $3 million, plus health service providers and some others
- APP 3 limits collection of personal information to what is reasonably necessary for the entity’s functions — relevant when deciding which identity documents to take and retain
- APP 11 requires APP entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access — relevant to how scanned ID is stored
- The Notifiable Data Breaches scheme, administered by the OAIC, requires assessment and notification of eligible data breaches of personal information
- Estate matters concentrate high-value, low-reversibility instructions (wills, EPOAs, distribution directions) that make impersonation attractive to attackers
- A standing identity verification protocol gives the firm a repeatable, file-by-file evidence trail that the verification step occurred and what was checked
- Victorian estate practice frequently involves remote or interstate clients, where in-person sighting is not always possible — the protocol covers a tiered remote-verification path
What DRMO does about it
The Identity Verification Protocol Template is a productised L1 document pack designed for small-to-mid Victorian estate practices that do not yet have a written, defensible client-ID process. It provides a customisable PDF protocol covering: which identity documents to request at intake, how to record the verification step on the matter file, how to handle remote (non-in-person) verification, retention and destruction rules consistent with APP 11 obligations, and an incident-trigger checklist that aligns the firm’s response to the OAIC’s Notifiable Data Breaches scheme. The template is paired with a written walkthrough explaining how each step maps to the APPs cited above. This is the same protocol foundation that underpins the higher-tier DRMO Estate Practice Shield engagement, packaged as a self-serve document for firms that want to stand up the process without a consulting engagement.
The deliverable
- PDF Identity Verification Protocol Template (approximately 12 pages) — customisable for your firm name, matter-management system, and retention policy
- Written walkthrough document mapping each protocol step to the relevant APP (APP 3, APP 5, APP 11) and to the Notifiable Data Breaches assessment trigger
- Intake checklist (one-page, file-attachable) for paralegals and support staff
- Remote-verification decision tree for clients who cannot attend in person
- Retention and destruction schedule template for identity document copies
- Delivered via email within 1 business day of payment; no discovery call required
Buy the Identity Verification Protocol Template — AUD $149
A self-serve productised offer. Suitable for sole-practitioner and small-firm Victorian estate practices that need a written, defensible client-ID process without commissioning a custom consulting engagement. This template provides operational support for Privacy Act obligations; it is not legal advice and does not substitute for the firm’s own professional judgement on a specific matter.
Sources
- Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
- Office of the Australian Information Commissioner (domain root, for general privacy and Notifiable Data Breaches scheme guidance): https://www.oaic.gov.au/
DRMO capability references:
- Identity Verification Protocol Template (L1 productised service shape) — DRMO service catalogue
- Estate Practice Shield (higher-tier consulting engagement that contains this protocol as a sub-component) — DRMO service catalogue