We live in an amazing age. Almost every day we witness a new breakthrough or disruptive business model enabled by digital technology. We have the convenience of Hailo, disruption of Airbnb, democratising impact of social media, power of Google search, on-demand logistics efficiency of Amazon.

Yet long shadows are growing across this age. Every tap on our phone screens, every movement with a gadget in our pockets, is transmitted somewhere to be analysed and exploited - often without our knowledge or consent. As a consequence, every day it seems we learn of another security breach, another organisation that has inexcusably lost sensitive personal data.

As I argued at a recent Cambridge Union Society debate, this emergent digital world, which should be bringing so many benefits, is shackled by broken, invasive business models and poor, or absent, security engineering. Almost every organisation around us seems intent on carelessly asset-stripping and fracking our personal data, undermining that most essential of things: trust.

This cavalier abuse of our personal data is about to worsen as the Internet of Things (IoT) embeds around us. Now it will be our fridges, health monitors, cars, and smart meters all leaking our personal data too. Far from helping empower, enrich and improve our lives, the IoT runs the danger of fostering instead a global Internet of Thieves - facilitated by business models and technology that exploit us and undermine our security.

Governments should resist the temptation to tread this same path. The success and credibility of digital public services requires trustworthiness and high quality, robust security engineering. This is partly why the independent Privacy and Consumer Advisory Group (PCAG) which I co-Chair is advising the government on how to ensure the security and privacy of technology, safeguarding citizen's personal data - including principles that underpin the emergent GOV.UK Verify identity assurance process.

Governments are uniquely placed to encourage organisations to adopt a more rigorous approach to security engineering. They can help encourage and enforce this in several ways, from compliance (legislation and regulation) to encouragement (via investment programmes such as Innovate UK, as well as mandatory criteria for suppliers seeking any government contracts).

For the IoT to succeed, we need enlightened, entrepreneurial states to intervene, encouraging and fostering significantly better business models - ones designed for the Internet age. Models underpinned by secure, trustworthy technology that let us easily maintain and control our personal data, enabling us to choose with whom we wish to share it.

This idea of allowing us to directly control our own personal data is hardly new. But it's been little adopted online, probably because it threatens too many business - and indeed some government - interests. It reverses the current exploitative model, empowering us, as both consumers and citizens, to call the shots.

Yet it's precisely this type of approach we need to end the large scale exploitative collection of our personal data and to enable the IoT to flourish. Our ability to safeguard and control our data must be strengthened and enforced. It's time technology empowered us to keep our personal data secure and, well, personal: the clue is in the word.