The contact details that you supply when you apply for a wattle.id.au domain (and in subsequent changes and correspondence) will be stored in the wattle.id.au database.
This database is stored on a machine used by the wattle.id.au adminstrator with permissions set so that other users cannot access it. In addition, it is often stored only in PGP encrypted format (although obviously, it must be decrypted for the wattle.id.au adminstrator to work on it). As it happens, the database is currently a single ascii text file.
A copy of this database is periodically (usually every 1-2 months) sent to Giles Lean, who maintains a backup copy of the database. The database is always transmitted in PGP encrypted format so that only Giles Lean and David Keegel can decrypt it. Giles just stores the latest copy, in encrypted format only.
The following information is considered public:
The contact details will generally be e-mailled to the listed email address of the registrant following a successful application. The exception to this is where strictly confidential has been selected, in which case the contact details will not even be sent to the applicant. (It is assumed that anyone who selects strictly confidential has a large degree of paranoia about maintaining their privacy, to the point where they might be worried about people intercepting their email.)
In various cases, the contact details may also be sent by e-mail to the registrant in case of changes. Unless strictly confidential was selected in the registration.
Where the id.au administrator (currently Robert Elz) directs that information should be divulged, then this will be done.
In cases C & D listed under "Termination" in the wattle.id.au policy:
(C) the domain name is used for illegal or anti-social purposes (eg: harassment, mail bombing, spamming), in the judgment of the administrator of wattle.id.au, OR (D) information supplied in the application or otherwise supplied by the applicant to the administrator of wattle.id.au regarding the domain is found to have been fraudulent (deliberately false), in the judgment of the administrator of wattle.id.au.then contact information might be supplied to particular third parties if the wattle.id.au administrator is satisfied that this is appropriate. (No cases of this have happened in the first 5 years of wattle.id.au operation, and it is not something which would be taken lightly if it ever did happen.)
A registry key is assigned to each domain when it is registered. This registry key must be given to make changes to the domain later. It is the registrant's responsibility to update details when they change.
If the registry key is lost, the registrant may request the key to be emailled to the address listed in the wattle.id.au database.
This section still under construction.
What about other things you haven't mentioned?
You can expect that no details will be divulged other than as allowed above. A few things can be specifically ruled out under any circumstances:
So what's the difference between mostly confidential (which most people select) and strictly confidential?
For strictly confidential domains, the personal contact details (phone, fax, street address) will not be sent across the Internet in plain text, even to the domain owner!
In general, it would be assumed that the registrant would rather loose their domain than risk the possibility of their contact details being given to someone else.
For example, if you loose your registry key and your email address has changed and you selected strictly confidential, then you have lost the ability to make any changes to your domain.
As another example, if something naughty (like spamming or hacking) was happening under the name of your domain, then someone who selected strictly confidential is much more likely to have their domain suspended forthwith, because alternatives like passing personal details on to people who could help resolve the problem are not available.