« Some controllers are “over-reporting'” reporting a breach just to be transparent, because they want to manage their perceived risk or because they think that everything needs to be reported. We understand this will be an issue in the early months of a new system but we will be working with organizations to try and discourage this in future once we are all more familiar with the new threshold.
[…]
In our view, data controllers flooding the ICO with an avalanche of notifications could not be carrying out the appropriate risk analysis – over-notification could attract unnecessary and unwanted attention. »