All Professionals

Amy Worley

Managing Director & Associate General Counsel

Amy Worley is a seasoned expert in the fields of global data privacy and data protection regulation, data governance, and data ethics, including the growing field of artificial intelligence (AI) regulation.

Ms. Worley has honed her skills in helping businesses develop comprehensive privacy, data governance, and information management programs. She served as global chief privacy officer for a leading global pharmaceutical and medical device company with a market value of $1 billion. 

Ms. Worley currently serves as a fractional data protection officer (DPO) for organizations worldwide, providing gap and risk assessments, developing remediation plans, liaising with global regulatory bodies, assisting clients in responding to security incidents, and advising boards of directors on data compliance-related risk. Her certifications include the International Association of Privacy Professionals Certified Privacy Professional for the United States (CIPP-US) and Europe (CIPP-E), Certified Privacy Program Manager (CIMP), Fellow of Information Privacy, and certified Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Expert (CHPSE). Ms. Worley is also a Certified Information Systems Security Professional (CISSP) and certified Artificial Intelligence Governance Professional (AIGP).  

Ms. Worley leads BRG’s Privacy and Information Compliance practice group. She has deep experience building effective and sustainable multinational data compliance programs across industries. Her clients benefit from her experience working with regulators in every world region. She has partnered with global, national, and regional financial institutions, life sciences companies, laboratories, healthcare providers, electronic medical records providers, e-commerce marketplaces, data analytics and statistical companies, and digital real estate investment enterprises to build agile and effective digital compliance programs. 

Ms. Worley’s approach is risk-based, practical, and focused on helping businesses maximize the value of their data while minimizing regulatory risk. She believes that data compliance is about building trust as a value proposition and that right-sized compliance programs reduce risk and add marketable value to companies. 

Ms. Worley practiced law for sixteen years before moving into industry and then into consulting. She advised on regulatory compliance with laws including HIPAA; Health Information Technology for Economic and Clinical Health Act (HITECH); Fair Credit Report Act (FCRA); Fair and Accurate Credit Transactions Act (FACTA); Gramm–Leach–Bliley Act (GLBA); US Securities and Exchange Commission “Red Flags Rule”; Bank Secrecy Act (BSA); Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank); Children’s Online Privacy and Protection Act (COPPA); Family Educational Rights Privacy Act (FERPA); European Union Data Protection Directive 95/46; European General Data Protection Regulation (GDPR); Brazilian General Data Protection Law (LGPD); Canadian Personal Information Protection and Electronic Documents Act, as amended (PIPEDA); and other US, Latin America, and Asian data privacy laws. 

 Ms. Worley has provided expert testimony in US federal courts regarding data breach notification obligations and has provided expert deposition testimony in other litigation regarding how cybercriminals tend to misuse stolen personal data. 

Ms. Worley has served on several nonprofit boards and won the North Carolina Governor’s Award for Volunteer Service. 

Employment History

Merz Pharma Group, Raleigh, NC
Global Chief Privacy Officer, 2017-2019

Merz North America, Inc., Raleigh NC
Senior Counsel and Privacy Officer, 2016-2017

Jackson Lewis, P.C., Raleigh, NC
Co-Practice Group Leader, Privacy, Data Security and eDiscovery Practice Group, 2014-2016

McGuireWoods, LLP, Charlotte and Raleigh, NC
Partner, 2004-2014

Ferguson, Stein, Adkins, Gresham and Sumter, Charlotte, NC
Associate, 2001-2004

US District Court for the Southern District of Georgia, Hon. Anthony A. Alaimo
Law Clerk, 2000-2001

Professional Affiliations

International Association of Privacy Professionals, Fellow

North Carolina Bar Association, Member

Wake County Bar Association, Member


International Association of Privacy Professionals (IAPP)

Certified Information Privacy Professional/United States (CIPP/US)

Certified Information Privacy Professional/Europe (CIPP/E)

Certificate in Investment Performance Measurement (CIPM)

Certified HIPAA Privacy and Security Expert (CHPSE)

Certified Information Systems Security Professional (CISSP)

Artificial Intelligence Governance Professional (AIGP)

Community/Civic Involvement

Mercer University College of Liberal Arts Alumni
Board of Directors, 2014-2018

Mecklenberg County Legal Aid
Volunteer attorney, 2001-2009

Community Health Services
Director, 2006

Regional HIV/AIDS Consortium
Director and chair, 2001-2005

Areas of Expertise


Mercer University School of Law
JD, 2000

Mercer University
BA, English, 1997


IAPP Fellow of Information Privacy, 2019

Merz Pharma Global Leadership Program, 2018

Merz Pharma Group Finalist Global CEO Award, 2016, 2017

AV Rating Martindale Hubbell, 2016

North Carolina Legal Elite, repeated

North Carolina Governor’s Award for Community Service, 2004