The fact that many organizations don't perform security unless they have to, significantly contributes to more than 80% of all web applications being exposed to vulnerabilities. In comes regulation. There are a number of different industries other than financial and healthcare that deal with PII and PHI but either are not regulated at all or are regulated very loosely. This presentation will discuss the various regulations (PCI, SOX, HIPAA, etc) and what each does to address web application security, if any, as well as the shortcomings of each. Finally, it will address further industries that need to be more strictly regulated in order to better protect personal information.