Private schools, except in rare cases, must comply with the National Privacy Principles contained in Schedule 3 of the Privacy Act 1988 (Commonwealth).
The Privacy Act defines personal information as: "Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."
This definition would therefore likely include addresses and contact information of a student.
Schools are always permitted to use or disclose information for the primary purpose for which it was collected. However, a school must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection unless one of the exceptions under the NPPs apply.
With regard to the inadvertent disclosure of information there is also a requirement that schools take reasonable steps to protect personal information they hold from misuse, interference, loss and unauthorised access, modification or disclosure. The level of security employed by schools should be proportionate to the risk involved if the information was to be disclosed.
If a school was to breach the Privacy Principles - the situation could be investigated by the Privacy Commissioner upon complaint by an affected person. The Privacy Commissioner has the power to seek pecuniary penalties (fines) in circumstances where there has been a serious or repeated breach.
If you are concerned about something I would contact the Privacy Commission and seek their advice as to how to proceed. However if you have not suffered damage as a result of the incident and it was an inadvertent breach on behalf of the school, I don't see how there is much to be gained by such a course.