What regulations are in place (if any) from stopping website owners from stealing information (passwords) from databases, as the owner of the website? I understand in many cases a hashing algorithm is used, but what about the other cases?