Make it prohibitively expensive to leak data (compliance fines, lawsuits) and the problem will solve itself. Companies that collect data will then be begging for certification and regulation.
It would be even better if people learned to refuse to give data irrelevant to the service that they are seeking and/or if there were some sort of regulation about this (I should not have to give my name and address when returning a product, for example).