The scheme made it obligatory for organisations covered by the Australian Privacy Act (this includes all Australian government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more), to notify certain breaches.