About

Julie Earp is an Associate Professor of Information Technology at NC State University's Poole College of Management. She serves as the Area Coordinator for IT & Analytics within the Department of Information Technology, Analytics & Operations. Her educational background includes a Ph.D. in Informational Technology from Virginia Polytechnic Institute, obtained in 1997. Her areas of expertise encompass privacy and cybersecurity. She is a member of the graduate faculty and is involved in teaching and research related to information technology, with a focus on privacy and cybersecurity issues.

Research topics

• Internet privacy
• Business
• Computer science
• Computer security
• Public relations

Selected publications

• Understanding sustainability for socially responsible investing and reporting

  Journal of Capital Markets Studies · 2017-10-13 · 24 citations

  articleOpen access

  Purpose The purpose of this paper is to determine what types of sustainability activities companies are reporting and whether persons external to the companies understand how those reported activities correspond to the companies’ narratives about sustainability. That is to ascertain how people interpret the meaning of the activities included in the sustainability reports. Design/methodology/approach From a sample of sustainability reports prepared by Global Reporting Initiative (GRI) guidelines, the authors identified the distinct activities reported. The authors prepared a survey comprised of these activities and asked a sample of people knowledgeable about business and investing to evaluate each activity on the extent to which they are relevant to sustainability performance. The responses were then factor analyzed to identify the most important dimensions of sustainability these persons employed to relate the activities to sustainability. Findings The dimensions employed by the subjects differed in some significant ways from those dimensions used to construct the GRI format. Subjects evaluated sustainability efforts as primarily efforts of being a good citizen with sustainability an end in itself rather than as constraint to be respected in achieving profitability goals. Research limitations/implications The study is a first attempt so results are preliminary, i.e. suggestive but not definitive. Though preliminary an intriguing implication is that closure on a sustainability reporting structure would be premature. More effort needs to be devoted to provide more clarity on the concept of corporate sustainability and what its implications are for corporate behavior. Practical implications Given the results that sustainability be regarded as a corporate end, what is the role of the corporation in society seems still to be disputatious. Sustainability may not be something achievable without changes in corporate law. Originality/value The study is an early attempt to assess the potential alternative narratives about corporate sustainability. Its value lies in providing insights into the age-old question of what should be the role of the corporation in a free society.

  PublisherOA PDFDOI

• Corporate Sustainability Reporting and Stakeholder Concerns: Is There a Disconnect?

  Accounting Horizons · 2016-11-01 · 90 citations

  article

  SYNOPSIS The number of companies reporting their corporate sustainability (CS) activities has significantly increased over the last decade. The result being a wide variability in the types of activities being reported and the ways the information is presented. An unanswered question is whether the information being reported by companies following the Global Reporting Initiative (GRI) CS framework is of interest to arguably one of the primary stakeholder groups, customers. Our study seeks to fill this knowledge gap by comparing the content of CS reports to results from a large-scale consumer stakeholder survey. By performing factor analysis on stakeholder evaluation of the importance of CS activities, we find that consumers see different dimensions than those put forth by the GRI framework, thereby suggesting a disconnect between corporate sustainability reporting and stakeholder views and interests. Our results indicate that risk and compliance are dimensions of interest to customers, while the GRI economic dimension is not viewed as important. Additionally, a new dimension of social justice is the most important to consumer stakeholders. Furthermore, the study highlights particular activities within each factor that are most important to the consumer stakeholder group. This research has implications for preparers of sustainability reports and organizations, such as the GRI, that establish guidance for sustainability reporting.

  PublisherDOI

• "I had no idea this was a thing"

  2016-12-05 · 9 citations

  article1st authorCorresponding

  Personalization has the potential to improve the effectiveness of "generic" privacy notices and policies, however, little is known about the user impact of the personalized transparency tools available today. While regulators consistently endorse transparency, the popular press often couches existing tools in negative and cautionary tones. In a pilot study of two personalized online transparency tools, Google's My Activity and Google Ads Settings, we find the user experience of these tools is difficult to study due to low user-awareness and limited user data accessible to the tools. However, for those users with sufficient data accessible to the tools, we find no evidence that these tools are harmful to user trust and privacy attitudes.

  PublisherDOI

• Centralized end-to-end identity and access management and ERP systems: A multi-case analysis using the Technology Organization Environment framework

  International Journal of Accounting Information Systems · 2014-02-14 · 52 citations

  article
  PublisherDOI

• Sustainability Reports: What Do Stakeholders Really Want?

  Management accounting quarterly · 2014-09-22 · 3 citations

  article

  EXECUTIVE SUMMARYManagement accountants are becoming more involved in corporate sustainability reporting as companies rapidly ramp up their efforts in this area. Yet what sustainability means-and what reports should cover-depends on whom you ask. Consumer stake - holders view corporate sustainability differently than companies do, so current reports may not be what all corporate stakeholders want.This article is based on research supported by the IMA® Research Foundation.Companies are increasingly spending time and effort reporting their sustainability activities. Some organizations report mainly on environmental issues. Others, however, see sustainability as a multidimensional concept, so they also report on economically and socially responsible activities. This view of sustainability is often called the three-legged stool or the triple bottom line.Are these sustainability reports giving stakeholders what they really want? And do stakeholders think about sustain - ability the same way corporations do? We conducted some research to find out.Accountants Are More InvolvedManagement accountants are getting more involved in developing and presenting sustainability information as sustain - ability practices become increasingly important and assurance for sustainability data is more common. Also, top management is recognizing that accountants' education, skills, and rigor are especially valuable for preparing and presenting sustainability information.Report content varies widely. Some reports are glossy marketing brochures posted on companies' websites and used for marketing propaganda. Other reports are more rigorous. Some companies use their own reporting criteria or follow national reporting criteria. But many companies use the criteria developed by the Global Reporting Initiative (GRI), an international not-for-profit organization that promotes the use of sustainability reporting. The GRI is a network of thousands of professionals and organizations from many industries, regions, and constituencies. Its reporting criteria are most notable and pervasive. The GRI suggests-but does not mandate-approximately 80 indicators (activities) for companies to report on in six different dimensions (see Table 1). These dimensions represent the six categories of corporate activities judged to fulfill corporate responsibilities implied by triple-bottom-line reporting. Many companies register their sustainability reports with the GRI, and the reports are stored in a sustainability disclosure database that provides access to an abundance of voluntarily reported company sustainability information.Because the indicators are merely suggestions, companies are not uniform in which sustainability activities they report. And companies that do not register also release sustainability reports. It is hard to compare GRIcompliant reports, let alone all the other reports from unregistered companies. Also, there are many selfdeclared reports, which are not checked by a third party. Current trends and efforts by companies as well as organizations with regulatory oversight provide a strong indication that companies are moving from selfdeclared verification to voluntary third-party verification of sustainability information with mandated verification by regulators on the horizon. Then it will become even more imperative that accountants have a deep understanding of corporate sustainability and use their expertise to ensure accurate information.The GRI and other organizations have prescribed guidelines specifying which corporate sustainability activities belong in each sustainability dimension. But there is a lack of research determining whether prescribed activities and dimensions match stakeholders' priorities. Which activities do stakeholders feel belong in each dimension-or in completely new dimensions? Are there other activities even more important to stakeholders? Do organizations' corporate sustainability narratives match those of their stakeholders? …

  Publisher

• Assessing identification of compliance requirements from privacy policies

  2012-09-01 · 10 citations

  articleSenior author

  In the United States, organizations can be held liable by the Federal Trade Commission for the statements they make in their privacy policies. Thus, organizations must include their privacy policies as a source of requirements in order to build systems that are policy-compliant. In this paper, we describe an empirical user study in which we measure the ability of requirements engineers to effectively extract compliance requirements from a privacy policy using one of three analysis approaches-CPR (commitment, privilege, and right) analysis, goal-based analysis, and non-method-assisted (control) analysis. The results of these three approaches were then compared to an expert-produced set of expected compliance requirements. The requirements extracted by the CPR subjects reflected a higher percentage of requirements that were expected compliance requirements as well as a higher percentage of the total expected compliance requirements. In contrast, the goal-based and control subjects produced a higher number of synthesized requirements, or requirements not directly derived from the policy than the CPR subjects. This larger number of synthesized requirements may be attributed to the fact that these two subject groups employed more inquiry-driven approaches than the CPR subjects who relied primarily on focused and direct extraction of compliance requirements.

  PublisherDOI

• Sustainability: An Analysis of Organizational Reporting and Implications for ERP systems

  Journal of the Association for Information Systems · 2012-01-01 · 4 citations

  articleOpen access

  Given the increasing interest in sustainability, many companies are voluntarily producing sustainability reports for the general public. Companies generate these reports as a mechanism to signal environmental and global commitment to the public. Individuals use information from these reports to form thoughts on whether to purchase products or services from companies or whether to invest in the company. There is much variation in what sustainability means in the context of a business; therefore, reporting processes differ between companies. This paper presents the results of a content analysis of 15 sustainability reports which yielded 145 unique activities. These results are assisting us as we develop and validate an instrument of the most important activities in various sustainability dimensions. Using the finalized activities we will make inferences for ERP vendors in designing functionality to capture sustainability measures. Our findings will guide researchers and practitioners in measuring the dimensions of sustainability and using ERP systems to support sustainability reporting.

  Publisher

• An Experimental Economics Approach Toward Quantifying Online Privacy Choices

  SSRN Electronic Journal · 2011-04-26

  articleOpen access

  The importance of personal privacy to Internet users has been extensively researched using a variety of survey techniques. The limitations of survey research are well-known and exist in part because there are no positive or negative consequences to responses provided by survey participants. Such limitations are the motivation for this work. Experimental economics is widely accepted by economists and others as an investigative technique that can provide measures of economic choice-making that are substantially more accurate than those provided by surveys. This paper describes our efforts at applying the techniques of experimental economics to provide a foundation for (a) estimating the values that consumers place on privacy and various forms of security (encryption, HIPAA, etc.) and for (b) quantifying user responses to changes in the Internet environment. The contribution of this study is a better understanding of individual decision-making in the context of benefits and costs of making private information available to Internet sites. Preliminary results from a series of pilot studies are consistent with optimizing behaviors, indicating that continued application of experimental economics techniques in the quantification of Internet user actions in privacy/security space will be illuminating. Our results show that Internet users place great value on security measures, both regulatory and technical, that make identity theft much less likely. Our Web-based experiments indicate that privacy- and security- enhancing protections are likely to be subject to moral hazard responses, as participants in our online experiments became more aggressive in their Internet usage with greater protection in place.

  Publisher

• Internet Privacy Law: A Comparison between the United States and the European Union

  SSRN Electronic Journal · 2011-04-26

  articleOpen access

  The increasing use of personal information in Internet-based applications has created privacy concerns worldwide. This has led to awareness among policy makers in several countries of the desirability of harmonizing privacy laws. The greatest challenge to privacy legislation from an international perspective arises because, while the Internet is virtually borderless, legislative approaches differ from country to country.This paper presents a functional comparison between current privacy law in the European Union (EU) and in the United States (U.S.), as such laws relate to regulation of websites and online service providers. In addition, similarities and differences between the 2002 EU Directive 2002/58/EC, Directive on Privacy and Electronic Communications, which has been adopted by the EU but not yet implemented, and the proposed U.S. Online Privacy Protection Act, are illuminated. Employing a qualitative approach, we use the Fair Information Practices to organize discussion of comparisons and contrasts between U.S. and EU privacy laws. Our investigation of this topic leads us to conclude that the right to privacy is more strictly protected in the EU than in the U.S. The Online Privacy Protection Act, recently introduced as a bill in Congress, has the potential to significantly affect commercial practices in the U.S. and move the U.S. towards current EU privacy protection laws. This analysis benefits managers as well as security professionals since the results can be used as guidelines in ensuring that an organization's website practices are consistent with requirements imposed by countries with which they exchange information. It also provides information that can guide organizations as they prepare for potential privacy legislation.

  Publisher

• How internet users' privacy concerns have evolved since 2002

  IEEE Security & Privacy · 2010-01-01 · 134 citations

  article

  Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that individuals have become more concerned about personalization in customized browsing experiences, monitored purchasing patterns, and targeted marketing and research.

  PublisherDOI

Frequent coauthors

• Annie I. Antón

  Georgia Institute of Technology

  24 shared

• David L. Baumer

  9 shared

• Matthew W. Vail

  National Institute of Standards and Technology

  7 shared

• J. Carl Poindexter

  North Carolina State University

  6 shared

• Fay Cobb Payton

  North Carolina State University

  5 shared

• Marianne Bradford

  North Carolina State University

  5 shared

• Paul F. Williams

  North Carolina State University

  3 shared

• Ryan A. Carter

  Boone Hospital Center

  3 shared

Education

• Ph.D., Business Administration

  University of North Carolina at Chapel Hill

  2000

• M.S., Business Administration

  University of North Carolina at Chapel Hill

  1996

• B.S., Business Administration

  University of North Carolina at Chapel Hill

  1994