Eric Hellmen recently announced a blog post on the Code4Lib list-serv that’s well worth your time:

I recently wrote a blog post about password security in library subscribed databases based on an RFP by a state agencecy subject to public disclosure laws. The results were very revealing, but it covered only a small set of vendors.
http://go-to-hellman.blogspot.com/2015/02/passwords-are-stored-in-plain-text.html <http://go-to-hellman.blogspot.com/2015/02/passwords-are-stored-in-plain-text.html>

I would be very interested to learn of RFPs for library automation software, ebook delivery platforms, etc. subject to similar public disclosure rules that asked questions relevant to privacy and security in libraries.

Contact me on or off list.