UK Regulator begs not to be given teeth!
"any new requirements must be proportionate, setting out clear criteria and thresholds for reporting a breach"
Easy. Threshold for reporting a breach = an occurence of a breach. Clear criteria = any organisation, public or private that holds personal data, no matter how big or rich they are.
Of course a regulator with teeth might be expected to actually do something, rather than hand-wringing and waiting for a juicy executive post.