I'm sure if our privacy laws include a damages clause where any web site that discloses, leaks or gets hacked and compromises its user info must pay each user $250 in damages to resecure all their info again these companies would see their data is kept secure. Who stores passwords unencrypted?