Australian privacy law centres on the Privacy Act 1988 and the thirteen Australian Privacy Principles, regulated by the Office of the Australian Information Commissioner. Whether your website is fully covered depends partly on your size, so this is a practical starting point rather than legal advice.
The Act applies to most Australian Government agencies and to private organisations with an annual turnover above 3 million dollars. Many small businesses under that turnover are exempt, but there are important exceptions, including businesses that trade in personal information, provide health services, or are contracted to government.
Even where the Act does not strictly apply, following its principles is good practice and builds customer trust. Reform of the Act has also been on the agenda, so the safe move is to handle data well regardless.
The Australian Privacy Principles cover the full life cycle of personal information: being open about what you collect, only collecting what you need, using it for the purpose you stated, keeping it secure, and giving people access to their own information.
In website terms that means a clear privacy policy, collecting only the data your forms genuinely need, and protecting it properly.
Under the principles, if you disclose personal information to an overseas recipient you generally remain accountable for how it is handled. Using hosting and services located in Australia, or taking reasonable steps to ensure overseas providers meet the principles, keeps that obligation manageable.
Knowing where your host stores data is the first step in addressing overseas disclosure honestly in your privacy policy.
HostBible keeps your site fast for Australian visitors with SSL as standard, so handling personal information responsibly starts on solid ground.