Amy Worley

Amy R. Worley is a nationally recognized expert in privacy and information security with over two decades of experience advising multinational organizations on data protection, cybersecurity, and regulatory compliance. A Certified Information Systems Security Professional (CISSP) and certified HIPAA privacy and security expert (CHPSE), she has led global initiatives to build and operationalize enterprise-wide privacy and security programs. As the former Chief Privacy and Records Officer at Merz Pharma Group, she architected a GDPR-compliant framework across 28 countries and implemented a unified records management system. Amy has served as a third-party Data Protection Officer for global companies and has testified in U.S. federal court as an expert on breach notification and the misuse of stolen personal data. She frequently assists companies in developing technical and organizational measures to protect data and respond to security incidents.

With a legal foundation that includes litigation on trade secret misappropriation, computer fraud, and data misuse, Amy brings a uniquely integrated perspective to privacy and security governance. She advises executive teams and boards on breach readiness, incident response, and enterprise risk management related to personal data and cybersecurity threats. Amy holds multiple IAPP certifications (CIPP/US, CIPP/E, CIPM) and is a Fellow of Information Privacy. Her thought leadership spans AI governance, cross-border data transfers, and HIPAA liability, with frequent contributions to legal and industry publications. She is also a certified Artificial Intelligence Governance Professional and continues to shape the evolving landscape of data ethics and security.