Traditional privacy systems are usually managed by one party and do not have sufficient protection and supervision to make the database more vulnerable to data breaches. Even if the operator is trustworthy, the centralized privacy system may be attacked by a third party with authorized access rights. Personal privacy data is a valuable item that is easily sold on the gray market, and buyers of stolen data can use this information for fraud or other crimes. In addition to the obvious damage to data owners caused by the misappropriation of private data, such violations pose a significant responsibility to the operators of the central database.
In an attempt to prevent unauthorized third parties from accessing these centralized databases,
operators will limit access to data. However, this usually prevents the identity owner from
accessing his or her own data, which will result in the data being unable to link to the interests of
the identity owner.