My answer on Computerworld

Some people want more laws making it mandatory to report all, 100%, of data breaches:


Having such laws has other consequences that also contradict the intent, even if the intent is honest.

Just as with all regulatory control legislation, the public may trust those laws too much, and they let their guard down too much.

The public may trust such laws to keep their bank accounts or identifiers safe, even when they don’t, and therefore don’t prepare as they should or take the precautions they should. Imagine there were no laws at all requiring protection of personal financial identifiers.

In fact the public DOES trust such laws too much, just as they trust regulators to keep us safe from bad guys, from pollution, from bad water, from bad food, and from scams. In some of these cases, private parties (persons, companies) are prohibited by law from protecting themselves.

