Can anyone solve this little problem for me?

Got a growing database of usernames and passwords but I'm wondering if I'm breaking the data protection act by clearly being able to see the passwords of anyone who signs up.

I'm tempted to to MD5 the passwords and have only the hashed value stored in the Db.

Thats fine but what happens if the user requests a password reminder? How can you send a reminder if you don't store the password?

Just wondering how most people store usernames and passwords, is there a standard way of doing this?