@article{bradford_earp_showalter_williams_2017, title={Corporate Sustainability Reporting and Stakeholder Concerns: Is There a Disconnect?}, volume={31}, ISSN={["1558-7975"]}, DOI={10.2308/acch-51639}, abstractNote={SYNOPSIS}, number={1}, journal={ACCOUNTING HORIZONS}, author={Bradford, Marianne and Earp, Julia B. and Showalter, D. Scott and Williams, Paul F.}, year={2017}, month={Mar}, pages={83–102} }
 @article{bradford_earp_grabski_2014, title={Centralized end-to-end identity and access management and ERP systems: A multi-case analysis using the Technology Organization Environment framework}, volume={15}, ISSN={["1873-4723"]}, DOI={10.1016/j.accinf.2014.01.003}, abstractNote={System security is a top issue facing global organizations. This study investigates the constraints and benefits of a successful centralized end-to-end identity and access management (CIAM) implementation and the moderating role that ERP systems have in the implementation. We apply the Technology Organization Environment (TOE) framework to a case study approach. We find that organizational and technological factors result in lapses in IT governance and act as barriers to CIAM. Environmental factors also hinder CIAM implementation. Additionally, ERP systems facilitate the development of a CIAM due to integration and standardization of identities and automated provisioning. When the ERP system supports CIAM, the organization and its employees experience significant benefits including single sign-on capabilities, increased security and privacy, efficiencies in user provisioning and password management, and audit process improvement. Our results will be of value to any organization implementing CIAM and ERP. Researchers can also use our findings to further study IAM, ERP or extensions to the TOE framework.}, number={2}, journal={INTERNATIONAL JOURNAL OF ACCOUNTING INFORMATION SYSTEMS}, author={Bradford, Marianne and Earp, Julia B. and Grabski, Severin}, year={2014}, month={Jun}, pages={149–165} }
 @article{anton_earp_young_2010, title={How internet users' privacy concerns have evolved since 2002}, volume={8}, ISSN={1540-7993}, url={http://dx.doi.org/10.1109/msp.2010.38}, DOI={10.1109/msp.2010.38}, abstractNote={Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that individuals have become more concerned about personalization in customized browsing experiences, monitored purchasing patterns, and targeted marketing and research.}, number={1}, journal={IEEE Security & Privacy Magazine}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Anton, A.I. and Earp, J.B. and Young, J.D.}, year={2010}, month={Jan}, pages={21–27} }
 @article{anton_earp_vail_jain_gheen_frink_2007, title={HIPAA's effect on web site privacy policies}, volume={5}, ISSN={["1540-7993"]}, DOI={10.1109/MSP.2007.7}, abstractNote={Healthcare institutions typically post their privacy practices online as privacy policy documents. We conducted a longitudinal study that examines the effects of HIPAA's enactment on a collection of privacy policy documents for a fixed set of organizations over a four-year period. We present our analysis of 24 healthcare privacy policy documents from nine healthcare Web sites, analyzed using goal mining, a content-analysis method that supports extraction of useful information about institutions' privacy practices from documents. We compare our results to our pre-HIPAA study of these same institutions' online privacy practices and evaluate their evolution in the presence of privacy laws}, number={1}, journal={IEEE SECURITY & PRIVACY}, author={Anton, Annie I. and Earp, Julia B. and Vail, Matthew W. and Jain, Neha and Gheen, Carrie M. and Frink, Jack M.}, year={2007}, pages={45–52} }
 @article{poindexter_earp_baumer_2006, title={An experimental economics approach toward quantifying online privacy choices}, volume={8}, ISSN={["1572-9419"]}, DOI={10.1007/s10796-006-9013-4}, number={5}, journal={INFORMATION SYSTEMS FRONTIERS}, author={Poindexter, J. C. and Earp, Julia B. and Baumer, David L.}, year={2006}, month={Dec}, pages={363–374} }
 @article{earp_payton_2006, title={Information privacy in the service sector: An exploratory study of health care and banking professionals}, volume={16}, ISSN={["1532-7744"]}, DOI={10.1207/s15327744joce1602_2}, abstractNote={Service industries, such as health care and banking, process large amounts of sensitive customer data in their daily transactions. The information obtained from this data frequently supports the competitive strategies of organizations while concurrently causing uncertainty and concern from the customer. Furthermore and given the service orientation of these data, poor data quality can result in extensive social and economic impacts. As a result, data practices and the employees who process the data must be managed in a cautious and thorough manner to thwart any privacy violations. This article explores employees' privacy orientation in their respective sector, health care or banking, through a parsimonious 15-item instrument. Our results indicate that health care professionals are largely concerned about errors in patient information whereas banking professionals are concerned about improper access of customer information—thereby suggesting differences in perceived privacy practices among these 2 service sectors. Several explanations are offered for the concerns that surfaced from the 2 groups. Therefore, our results build on a data quality hierarchical framework consisting of accuracy, appropriate amount of data, accessibility, and access security. Our results hold public policy, legal, and security implications to the managerial staff at both health care and banking organizations. To date, there has been little research that gives substantial insight into the privacy practices of service industry workers, such as banking and health care employees. In this article, we discuss the implications of these findings and suggest directions for future research.}, number={2}, journal={JOURNAL OF ORGANIZATIONAL COMPUTING AND ELECTRONIC COMMERCE}, author={Earp, Julia Brande and Payton, Fay Cobb}, year={2006}, pages={105–122} }
 @article{earp_anton_aiman-smith_stufflebeam_2005, title={Examining Internet privacy policies within the context of user privacy values}, volume={52}, ISSN={["1558-0040"]}, DOI={10.1109/tem.2005.844927}, abstractNote={Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.}, number={2}, journal={IEEE TRANSACTIONS ON ENGINEERING MANAGEMENT}, author={Earp, JB and Anton, AI and Aiman-Smith, L and Stufflebeam, WH}, year={2005}, month={May}, pages={227–237} }
 @article{anton_earp_2004, title={A requirements taxonomy for reducing Web site privacy vulnerabilities}, volume={9}, ISSN={["1432-010X"]}, DOI={10.1007/s00766-003-0183-z}, number={3}, journal={REQUIREMENTS ENGINEERING}, author={Anton, AI and Earp, JB}, year={2004}, month={Aug}, pages={169–185} }
 @article{anton_earp_he_stufflebeam_bolchini_jensen_2004, title={Financial privacy policies and the need for standardization}, volume={2}, ISSN={["1558-4046"]}, DOI={10.1109/MSECP.2004.1281243}, abstractNote={The authors analyze 40 online privacy policy documents from nine financial institutions to examine their clarity and readability. Their findings show that compliance with the existing legislation and standards is, at best, questionable.}, number={2}, journal={IEEE SECURITY & PRIVACY}, author={Anton, AI and Earp, JB and He, QF and Stufflebeam, W and Bolchini, D and Jensen, C}, year={2004}, pages={36–45} }
 @article{baumer_earp_poindexter_2004, title={Internet privacy law: a comparison between the United States and the European Union}, volume={23}, ISSN={["0167-4048"]}, DOI={10.1016/j.cose.2003.11.001}, abstractNote={The increasing use of personal information in Internet-based applications has created privacy concerns worldwide. This has led to awareness among policy makers in several countries of the desirability of harmonizing privacy laws. The greatest challenge to privacy legislation from an international perspective arises because, while the Internet is virtually borderless, legislative approaches differ from country to country. This paper presents a functional comparison between current privacy law in the European Union (EU) and in the United States (U.S.), as such laws relate to regulation of websites and online service providers. In addition, similarities and differences between the 2002 EU Directive 2002/58/EC, Directive on Privacy and Electronic Communications, which has been adopted by the EU but not yet implemented, and the proposed U.S. Online Privacy Protection Act, are illuminated. Employing a qualitative approach, we use the Fair Information Practices to organize discussion of comparisons and contrasts between U.S. and EU privacy laws. Our investigation of this topic leads us to conclude that the right to privacy is more strictly protected in the EU than in the U.S. The Online Privacy Protection Act, recently introduced as a bill in Congress, has the potential to significantly affect commercial practices in the U.S. and move the U.S. towards current EU privacy protection laws. This analysis benefits managers as well as security professionals since the results can be used as guidelines in ensuring that an organization's website practices are consistent with requirements imposed by countries with which they exchange information. It also provides information that can guide organizations as they prepare for potential privacy legislation.}, number={5}, journal={COMPUTERS & SECURITY}, author={Baumer, DL and Earp, JB and Poindexter, JC}, year={2004}, month={Jul}, pages={400–412} }
 @article{earp_baumer_2003, title={Innovative Web use to learn about consumer behavior and online privacy}, volume={46}, ISSN={["0001-0782"]}, DOI={10.1145/641205.641209}, abstractNote={Consumers are more protective of their personal data than most e-marketers probably ever expected. Indeed, any willingness by consumers to provide certain information online greatly depends on who's doing the asking.}, number={4}, journal={COMMUNICATIONS OF THE ACM}, author={Earp, JB and Baumer, D}, year={2003}, month={Apr}, pages={81–83} }
 @article{anton_earp_carter_2003, title={Precluding incongruous behavior by aligning software requirements with security and privacy policies}, volume={45}, ISSN={["1873-6025"]}, DOI={10.1016/S0950-5849(03)00095-8}, abstractNote={Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.}, number={14}, journal={INFORMATION AND SOFTWARE TECHNOLOGY}, author={Anton, AI and Earp, JB and Carter, RA}, year={2003}, month={Nov}, pages={967–977} }