Amy Worley has almost twenty years of experience helping companies across industries build and implement programs that unlock and protect the power of information as a competitive advantage through strategic information governance, privacy-by-design, trade secret and commercially sensitive information identification and classification, data loss prevention, data and business process mapping and risk analyses, strategic data analytics, and IT contracting.
She has deep industry experience building effective and sustainable multinational privacy and records management programs from gap identification through audit and ongoing program management.
Ms. Worley helps clients develop, track, and report on meaningful key performance indicators (KPIs) to both monitor the effectiveness of information governance and privacy programs and measure cost savings realized from avoiding data duplication and disposing of stale, redundant, and low-value data.
Ms. Worley practiced law for sixteen years before moving into industry. She advised clients on regulatory compliance with laws including the Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Fair Credit Report Act (FCRA); Fair and Accurate Credit Transactions Act (FACTA); Gramm–Leach–Bliley Act (GLBA); US Securities and Exchange Commission “Red Flags Rule”; Bank Secrecy Act (BSA); Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd–Frank); Children’s Online Privacy and Protection Act (COPPA); Family Educational Rights Privacy Act (FERPA); European Union Data Protection Directive 95/46; European General Data Protection Regulation (GDPR); Brazilian General Data Protection Law (LGPD); Canadian Personal Information Protection and Electronic Documents Act, as amended (PIPEDA); and various other US, Latin America, and Asian data privacy laws.
Ms. Worley also litigated and tried several cases related to loss or theft of sensitive information. Before deciding to focus on helping companies derive value from and protect their data, she prosecuted cases involving trade secret misappropriation, unfair and deceptive trade practices, breach of confidentiality and fiduciary duty obligations, computer fraud and abuse, and data breach.
Immediately before joining BRG, Ms. Worley was the global chief privacy and records officer for a multinational, specialty pharmaceutical and medical device company with over $1 billion in assets. While there, she built an integrated global privacy program from the ground up, leading the company’s GDPR compliance efforts and coordinating privacy compliance in twenty-eight countries. She also developed and built the company’s records management and retention program, aligning records schedules across multiple affiliates. She sat on the company’s digital strategy steering committee and helped implement master data management and data warehouse projects. Her teams were twice nominated for the global CEO’s worldwide Award for Stellar Performance.
Ms. Worley holds a JD, as well as CIPP/US, CIPP/E, and CIPM certifications from the International Association of Privacy Professionals (IAPP). She is also a Fellow of Information Privacy with the IAPP. She graduated summa cum laude from Mercer University and was named the “Outstanding Graduate with a degree in English.” Thereafter, she became the first George W. Woodruff Scholar at the Mercer University School of Law. She graduated from law school in 2000 as the editor of the Eleventh Circuit Survey of the Mercer Law Review and the valedictorian of her class.
Employment History
Merz Pharma Group, Raleigh, NC
Global Chief Privacy Officer, 2017-2019
Merz North America, Inc., Raleigh NC
Senior Counsel and Privacy Officer, 2016-2017
Jackson Lewis, P.C., Raleigh, NC
Co-Practice Group Leader, Privacy, Data Security and eDiscovery Practice Group, 2014-2016
McGuireWoods, LLP, Charlotte and Raleigh, NC
Partner, 2004-2014
Ferguson, Stein, Adkins, Gresham and Sumter, Charlotte, NC
Associate, 2001-2004
US District Court for the Southern District of Georgia, Hon. Anthony A. Alaimo
Law Clerk, 2000-2001
Professional Affiliations
International Association of Privacy Professionals, Fellow
North Carolina Bar Association, Member
Wake County Bar Association, Member
Credentials
International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional/United States (CIPP/US)
Certified Information Privacy Professional/Europe (CIPP/E)
Certificate in Investment Performance Measurement (CIPM)
Certified HIPAA Privacy and Security Expert (CHPSE)
Community/Civic Involvement
Mercer University College of Liberal Arts Alumni
Board of Directors, 2014-2018
Mecklenberg County Legal Aid
Volunteer attorney, 2001-2009
Community Health Services
Director, 2006
Regional HIV/AIDS Consortium
Director and chair, 2001-2005
