That's the tricky part. Once you've lost it, it's often not an easy thing to obtain again. By the time these people realise, they might not want to put in the required effort to regain their privacy and just lazily continue down the path the government are laying out. I'd imagine that's exactly what the US are banking on.
Privacy lost cannot be regained, but one can choose to prioritize it after a period of not doing so and still achieve some levels of anonymity.
If I have submitted documents to two centralized exchanges and have email and password links around, I cannot redact that information, but I can isolate that from any future transactions I make.
If I buy Bitcoin anonymously through decentralized, P2P services and send them to an unused address on non custodian wallets, no one can link that activity to my already exposed identity. And if there is no transaction activity on my already exposed identity it hopefully doesn't get as much attention.
There's of course always the risk it is sold on the darkweb.
It's unfortunate that we're likely going to end up with a two-tier system. Privacy for a few, surveillance for the many. Purely because some people are negligent.
This will only increase the cost of privacy for the few.