In general, no. SMTP is a protocol with a fixed set of information that can be exchanged, and "How long has this address been active?" is not among that information. (In fact, due to the continuing battle between mail infrastructure providers and spammers, it is getting progressively harder to get reliable answers to the much simpler question "Is this address deliverable?", even though this one is supposed to be answerable.)
That doesn't mean you couldn't find the answer in many cases depending on the details of the entity who is actually providing the ail service. Obviously, if you have control over it yourself, you can query the creation date easily. For public providers, there may be traces of the time when the domain an email uses was registered; many common internet stacks incidentally disclose more information than they are supposed to, and it may be possible to deduce something from that. What probably doesn't exist is a general way that works for all email addresses.
Passwords must be stored hashed always, and make sure they are never logged, for example by query loggers. Hashing is important as opposed to encryption, because it should be a one-way, nonreversible process.
Secret questions to help recover passwords are good to encrypt. As these are secret, and they themselves can reveal something about the user, it wouldn't be good if they got leaked. In addition to revealing something personal about the user, they could also help attackers to make better guesses.
Answers to secret questions should be hashed, as these could be intimate secrets. It can be a good idea to hash a sanitized form, such as lowercased and trimmed, to make it easier for users to reenter correctly.
As for other fields, it's case by case, and depends on many factors. You really need to think through each and every one of them, and evaluate in terms of sensitivity, and decide which method is prudent, or overengineering, or paranoia.
Don't forget to secure the communication channel too. For example if the system is accessible via web, make sure it's https, otherwise your hashing and encrypting makes little difference to your overall security, as everything can be eavesdropped en route between your users and your website.
UPDATE
As @MichaelT pointed out in a comment,
the Payment Card Industry Data Security Standard (PCI DSS) document seems to be a comprehensive document, and well worth reading if you're serious about securing your customer data.
The documents library of PCI may have other interesting items too.
Best Answer
if you are going to allow your users to change an email address you need to verify the new email address and send a notification to the old email address. The verification of the new email is more optional, but since you verified the original address not validating the new is an inconsistency, that can turn known good information into potentially useless information. The email sent to the old address is for security reasons in case the account was compromised, so the user can be notified and take action to recover the account if necessary.
You could also require the user to click verification links sent to both emails in the case of an email change and lock the account until both are verified or your customer service is contacted. Doing something like this really hurts user friendliness and should only be used if your application is something that if compromised can cause significant monetary losses or physical danger.