Identity Verification Protocol Template for WA Estate Planning Lawyers: A Documented Procedure to Reduce Client Impersonation Risk

You take a new will instruction by phone from someone presenting as the long-standing client of a deceased relative. The voice is plausible, the details are public-record, and the executor authority being asserted would unlock a substantial estate. You need a documented identity verification procedure your paralegal can follow on every file — one that holds up if a complaint reaches the Office of the Australian Information Commissioner or if an estate is later challenged. This template gives you that procedure on a single file you can deploy this week.

Why it matters now

The Privacy Act 1988 (Cth) regulates how organisations with an annual turnover of more than $3 million — and some smaller organisations — handle personal information, and it includes the 13 Australian Privacy Principles that apply to APP entities. The Office of the Australian Information Commissioner publishes the Notifiable Data Breaches scheme, under which eligible data breaches involving likely serious harm must be reported. Estate planning files concentrate exactly the categories of personal information that attract scheme attention: government identifiers, financial holdings, family relationships, and signature exemplars. Where a file is opened or amended on the instruction of an impersonator, the firm faces three exposures simultaneously — a potential breach notification obligation, a possible negligence claim from the true beneficiaries, and an estate that may be set aside. A documented, repeatable identity verification procedure is the first line of defence and the first thing a regulator will ask to see.

The 5-minute view

• The Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles regulate the handling of personal information by APP entities, including most law practices over the turnover threshold (OAIC)
• The Notifiable Data Breaches scheme, administered by the OAIC, requires eligible data breaches involving likely serious harm to be reported
• Estate files are a high-value target for identity-based fraud because they aggregate identifiers, asset registers, and signatures in one place
• Verification at file-opening is the control point that is cheapest to implement and most defensible to a regulator
• A documented procedure must specify: which identity documents are accepted, how they are checked, who performs the check, how the result is recorded, and how exceptions are escalated
• An undocumented “we always check ID” practice is materially weaker evidence in a complaint or claim than a signed verification record on the file
• The template in this offer is a procedure document, not legal advice — it operationalises the firm’s own client-identification obligations

What DRMO does about it

The Identity Verification Protocol Template is a productised L1 deliverable: a PDF procedure template that an estate practice can adopt as its documented client-identification protocol, plus a written walkthrough explaining each step and the design rationale. The template is structured to align with the principles of personal information handling expressed in the Privacy Act and the Australian Privacy Principles published by the OAIC, and it is shaped to the practical realities of a WA estate planning file: phone instructions, country clients, executor authority claims, and amendments to existing wills. It is the same protocol logic used inside the consultative DRMO Estate Practice engagement, extracted as a single-file deliverable so a sole practitioner or small practice can adopt it without a discovery call.

The deliverable

• A PDF procedure template (editable text version included) specifying accepted identity documents, the verification steps, the recording format, and the escalation path for failed or anomalous checks
• A separate walkthrough PDF explaining each section of the template, the rationale, and the points at which firm policy must be inserted
• A one-page on-file verification record your paralegal completes per matter
• A checklist for amendments to existing wills (the highest-risk subset)
• Delivered via email immediately on payment; no discovery call required

CTA

Get the Identity Verification Protocol Template — AUD $149

A single productised deliverable. Self-serve, no discovery call. The template is operational support for your client-identification obligations; it is not legal advice and does not replace the firm’s own compliance review before adoption.

Sources

1. Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
2. Office of the Australian Information Commissioner (general guidance on the Australian Privacy Principles and the Notifiable Data Breaches scheme): https://www.oaic.gov.au/
3. Federal Register of Legislation — Privacy Act 1988 (Cth): https://www.legislation.gov.au/

DRMO capability references:

• Identity Verification Protocol Template (L1 service shape, productised)
• Estate Practice engagement (L3 consultative; this template is the file-opening control extracted from that engagement)