"High West" has a very nice post on an identifier indemnity index that puts some structure on the peak of my hierarchy of privacy unease, which I'd labelled "Direct Financial Loss". The framework usefully stretches that undifferentiated phrase out into two dimensions of value and impact (though they don't feel completely orthogonal).
My one quibble, likely resulting from the orientation of the original post towards (federated) identity providers, is that it's more than identity that's involved here - most of the entries in the relevant chart are really credential, not identifiers. It's often the binding of the credential to the identity, not the identity itself, that comes under attack.