All Professionals

Amy Worley

Managing Director & Associate General Counsel

Amy Worley has almost twenty years of experience helping companies across industries build and implement programs that unlock and protect the power of information as a competitive advantage through strategic information governance, privacy-by-design, trade secret and commercially sensitive information identification and classification, data loss prevention, data and business process mapping and risk analyses, strategic data analytics, and IT contracting.

She has deep industry experience building effective and sustainable multinational privacy and records management programs from gap identification through audit and ongoing program management.

Ms. Worley helps clients develop, track, and report on meaningful key performance indicators (KPIs) to both monitor the effectiveness of information governance and privacy programs and measure cost savings realized from avoiding data duplication and disposing of stale, redundant, and low-value data.

Ms. Worley practiced law for sixteen years before moving into industry. She advised clients on regulatory compliance with laws including the Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Fair Credit Report Act (FCRA); Fair and Accurate Credit Transactions Act (FACTA); Gramm–Leach–Bliley Act (GLBA); US Securities and Exchange Commission “Red Flags Rule”; Bank Secrecy Act (BSA); Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd–Frank); Children’s Online Privacy and Protection Act (COPPA); Family Educational Rights Privacy Act (FERPA); European Union Data Protection Directive 95/46; European General Data Protection Regulation (GDPR); Brazilian General Data Protection Law (LGPD); Canadian Personal Information Protection and Electronic Documents Act, as amended (PIPEDA); and various other US, Latin America, and Asian data privacy laws.

Ms. Worley also litigated and tried several cases related to loss or theft of sensitive information. Before deciding to focus on helping companies derive value from and protect their data, she prosecuted cases involving trade secret misappropriation, unfair and deceptive trade practices, breach of confidentiality and fiduciary duty obligations, computer fraud and abuse, and data breach.

Immediately before joining BRG, Ms. Worley was the global chief privacy and records officer for a multinational, specialty pharmaceutical and medical device company with over $1 billion in assets. While there, she built an integrated global privacy program from the ground up, leading the company’s GDPR compliance efforts and coordinating privacy compliance in twenty-eight countries. She also developed and built the company’s records management and retention program, aligning records schedules across multiple affiliates. She sat on the company’s digital strategy steering committee and helped implement master data management and data warehouse projects. Her teams were twice nominated for the global CEO’s worldwide Award for Stellar Performance.

Ms. Worley holds a JD, as well as CIPP/US, CIPP/E, and CIPM certifications from the International Association of Privacy Professionals (IAPP). She is also a Fellow of Information Privacy with the IAPP. She graduated summa cum laude from Mercer University and was named the “Outstanding Graduate with a degree in English.” Thereafter, she became the first George W. Woodruff Scholar at the Mercer University School of Law. She graduated from law school in 2000 as the editor of the Eleventh Circuit Survey of the Mercer Law Review and the valedictorian of her class.

Employment History

Merz Pharma Group, Raleigh, NC
Global Chief Privacy Officer, 2017-2019

Merz North America, Inc., Raleigh NC
Senior Counsel and Privacy Officer, 2016-2017

Jackson Lewis, P.C., Raleigh, NC
Co-Practice Group Leader, Privacy, Data Security and eDiscovery Practice Group, 2014-2016

McGuireWoods, LLP, Charlotte and Raleigh, NC
Partner, 2004-2014

Ferguson, Stein, Adkins, Gresham and Sumter, Charlotte, NC
Associate, 2001-2004

US District Court for the Southern District of Georgia, Hon. Anthony A. Alaimo
Law Clerk, 2000-2001

Professional Affiliations

International Association of Privacy Professionals, Fellow

North Carolina Bar Association, Member

Wake County Bar Association, Member


International Association of Privacy Professionals (IAPP)

Certified Information Privacy Professional/United States (CIPP/US)

Certified Information Privacy Professional/Europe (CIPP/E)

Certificate in Investment Performance Measurement (CIPM)

Certified HIPAA Privacy and Security Expert (CHPSE)

Community/Civic Involvement

Mercer University College of Liberal Arts Alumni
Board of Directors, 2014-2018

Mecklenberg County Legal Aid
Volunteer attorney, 2001-2009

Community Health Services
Director, 2006

Regional HIV/AIDS Consortium
Director and chair, 2001-2005

Areas of Expertise


Mercer University School of Law
JD, 2000

Mercer University
BA, English, 1997


IAPP Fellow of Information Privacy, 2019

Merz Pharma Global Leadership Program, 2018

Merz Pharma Group Finalist Global CEO Award, 2016, 2017

AV Rating Martindale Hubbell, 2016

North Carolina Legal Elite, repeated

North Carolina Governor’s Award for Community Service, 2004