Amy Worley
Amy Worley is a seasoned expert in the fields of global data privacy and data protection regulation, data governance, and data ethics, including the growing field of artificial intelligence (AI) regulation.
Ms. Worley has honed her skills in helping businesses develop comprehensive privacy, data governance, and information management programs. She served as global chief privacy officer for a leading global pharmaceutical and medical device company with a market value of $1 billion.
Ms. Worley currently serves as a fractional data protection officer (DPO) for organizations worldwide, providing gap and risk assessments, developing remediation plans, liaising with global regulatory bodies, assisting clients in responding to security incidents, and advising boards of directors on data compliance-related risk. Her certifications include the International Association of Privacy Professionals Certified Privacy Professional for the United States (CIPP-US) and Europe (CIPP-E), Certified Privacy Program Manager (CIMP), Fellow of Information Privacy, and certified Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Expert (CHPSE). Ms. Worley is also a Certified Information Systems Security Professional (CISSP) and certified Artificial Intelligence Governance Professional (AIGP).
Ms. Worley leads BRG’s Privacy and Information Compliance practice group. She has deep experience building effective and sustainable multinational data compliance programs across industries. Her clients benefit from her experience working with regulators in every world region. She has partnered with global, national, and regional financial institutions, life sciences companies, laboratories, healthcare providers, electronic medical records providers, e-commerce marketplaces, data analytics and statistical companies, and digital real estate investment enterprises to build agile and effective digital compliance programs.
Ms. Worley’s approach is risk-based, practical, and focused on helping businesses maximize the value of their data while minimizing regulatory risk. She believes that data compliance is about building trust as a value proposition and that right-sized compliance programs reduce risk and add marketable value to companies.
Ms. Worley practiced law for sixteen years before moving into industry and then into consulting. She advised on regulatory compliance with laws including HIPAA; Health Information Technology for Economic and Clinical Health Act (HITECH); Fair Credit Report Act (FCRA); Fair and Accurate Credit Transactions Act (FACTA); Gramm–Leach–Bliley Act (GLBA); US Securities and Exchange Commission “Red Flags Rule”; Bank Secrecy Act (BSA); Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank); Children’s Online Privacy and Protection Act (COPPA); Family Educational Rights Privacy Act (FERPA); European Union Data Protection Directive 95/46; European General Data Protection Regulation (GDPR); Brazilian General Data Protection Law (LGPD); Canadian Personal Information Protection and Electronic Documents Act, as amended (PIPEDA); and other US, Latin America, and Asian data privacy laws.
Ms. Worley has provided expert testimony in US federal courts regarding data breach notification obligations and has provided expert deposition testimony in other litigation regarding how cybercriminals tend to misuse stolen personal data.
Ms. Worley has served on several nonprofit boards and won the North Carolina Governor’s Award for Volunteer Service.
Employment History
Merz Pharma Group, Raleigh, NC
Global Chief Privacy Officer, 2017-2019
Merz North America, Inc., Raleigh NC
Senior Counsel and Privacy Officer, 2016-2017
Jackson Lewis, P.C., Raleigh, NC
Co-Practice Group Leader, Privacy, Data Security and eDiscovery Practice Group, 2014-2016
McGuireWoods, LLP, Charlotte and Raleigh, NC
Partner, 2004-2014
Ferguson, Stein, Adkins, Gresham and Sumter, Charlotte, NC
Associate, 2001-2004
US District Court for the Southern District of Georgia, Hon. Anthony A. Alaimo
Law Clerk, 2000-2001
Education
Mercer University School of Law
JD, 2000
Mercer University
BA, English, 1997
Credentials
International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional/United States (CIPP/US)
Certified Information Privacy Professional/Europe (CIPP/E)
Certificate in Investment Performance Measurement (CIPM)
Certified HIPAA Privacy and Security Expert (CHPSE)
Certified Information Systems Security Professional (CISSP)
Artificial Intelligence Governance Professional (AIGP)
Professional Affiliations
International Association of Privacy Professionals, Fellow
North Carolina Bar Association, Member
Wake County Bar Association, Member
Community/Civic Involvement
Mercer University College of Liberal Arts Alumni
Board of Directors, 2014-2018
Mecklenberg County Legal Aid
Volunteer attorney, 2001-2009
Community Health Services
Director, 2006
Regional HIV/AIDS Consortium
Director and chair, 2001-2005
Areas of Expertise
- Big Data
- Biometric Information Privacy Act
- Corporate Compliance & Risk Management
- Digital Economy and Platform Markets
- Discovery & Forensic Technology
- Economics, Disputes & Investigations
- Global Applied Technology
- IT Strategy
- Performance Improvement
- Privacy & Data Protection
- Compliance, Sanctions & Investigations