Jocelyn Aqua leads HWG LLP’s Data, Privacy, and Cybersecurity Practice and is a partner in the AI and Emerging Technology Practice. With over 20 years of experience in the public and private sectors, she advises clients on data privacy, cybersecurity, AI governance, and national security matters.

Jocelyn’s practice focuses on data and emerging technologies, advising clients on data governance, privacy, AI governance, cybersecurity, cross-border data transfers, national security, and related regulatory and compliance matters. She counsels organizations across diverse industries, including telecommunications, technology, healthcare, defense, financial services, and hospitality. Drawing on her cross-sector expertise, Jocelyn provides strategic, operational, and technical guidance to help clients interpret complex regulatory requirements, mitigate risk, and strengthen the maturity of their legal, compliance, incident response, due diligence, and governance programs.

Prior to joining HWG, Jocelyn was a Principal at PwC, where she served as a Data, Risk, Privacy, and AI Governance Principal. In that role, she advised clients on designing and implementing AI governance frameworks, privacy and data protection programs, incident response protocols, cross-border data transfer mechanisms, and regulatory risk assessments to enhance organizational governance maturity and compliance. Additionally, as the Data, Privacy & Ethics Leader for PwC Products & Technology, she built and led a 40-person global team responsible for data governance, privacy, accessibility, and AI governance. Jocelyn also served as interim Global Chief Privacy Officer at Citi, where she led enterprise-wide privacy and data governance initiatives and managed a global privacy and records compliance organization.

Jocelyn held senior roles in privacy, cybersecurity, and national security within the U.S. Department of Justice’s National Security and Criminal Divisions, as well as the Office of the Director of National Intelligence. In these capacities, she oversaw high-stakes matters at the intersection of privacy, cybersecurity, and national security; represented the United States in cross-border data-sharing negotiations with the European Commission; and helped shape enduring policy frameworks governing cloud computing, emerging technologies, transparency, cybersecurity, and privacy. For her contributions, Jocelyn received the Attorney General’s Award for Excellence in Furthering the Interests of U.S. National Security.

Earlier in her career, Jocelyn practiced at two leading global law firms where she counseled clients on complex regulatory, litigation, and arbitration matters.

Jocelyn is a Certified Information Privacy Professional (CIPP/G) through the International Association of Privacy Professionals. Outside of her client work, Jocelyn serves as External General Counsel to the AI Trust Foundation, a global nonprofit advancing responsible AI governance and innovation, as a Senior Fellow with the Future of Privacy Forum, a global nonprofit that serves as a catalyst for data privacy leadership and scholarship, and advisor and lecturer at the Digital Democracy Lab at William & Mary Law School. Jocelyn earned her J.D. from The George Washington University Law School, her M.A. from The George Washington University Elliott School of International Affairs, and her B.A. from Pennsylvania State University.

Read More+

Recognition

• Awarded the DOJ Attorney General’s Award for Excellence in Furthering the Interests of U.S. National Security (2016)
• Received the DOJ National Security Division Team Award for Excellence (2014)
• Received the ODNI Award for Exceptional Performance from the Office of the Director of National Intelligence (2011)
• Awarded the DOJ Criminal Division Team Award for Supporting the National Security Mission (2007)

Professional and Community Involvement

Professional Affiliations

• Women in AI Governance, Charter Member (2025 – present)
• Future of Privacy Forum, Senior Fellow (2025 – present)
• FPF AI Center Leadership Council (2024 – Present)
• FPF Advisory Board Member (2017 – present)
• William & Mary School of Law, AI Law & Policy Lecturer (2024 – Present)
• William & Mary School of Law, Digital Democracy Lab, Senior Fellow (2025 – Present)
• Chief, Executive Women’s Leadership Organization (admitted 2022 – present)

Firm Involvement

• Practice Group Chair, Data, Privacy and Cybersecurity

Presentations and Publications

Publications

• “AI Compliance starts with Operationalizing your Risk-Assessment Capabilities,” PwC – The Next Move(September 2024)
• “Treasury warns firms of AI risks, urges sector-wide response,” PwC – The Next Move (June 2024)
• “State AI laws proliferate, altering the regulatory landscape,” PwC – The Next Move (June 2024)
• “Insurance AI Rules offer Guideposts for Other Sectors,” PwC – The Next Move (May 2024)
• “White House Limits Bulk Data Transfers to Foreign Adversaries,” PwC – The Next Move (April 2024)
• “Federal Agencies Tackle AI Risk, Filling the Legislation Void,” PwC – The Next Move (March 2024)
• “EU’s AI Act advances, sparking race to readiness,” PwC – The Next Move (February 2024)
• “EU policymakers approve cyber regulation for connected products,” PwC – The Next Move (January 2024)
• “EU policymakers approve cyber regulation for connected products,” PwC – The Next Move (January 2024)
• “EU policymakers agree on landmark AI framework,” PwC – The Next Move (December 2023)
• “FCC pushes to restore net neutrality,” PwC – The Next Move (December 2023)
• “California advances prescriptive cyber audit rules,” PwC – The Next Move (December 2023)
• “White House mobilizes bold push for responsible adoption of AI,” PwC – The Next Move (November 2023)
• “AI Executive Order,” PwC – The Next Move (October 2023)
• “AI Companies’ White House Pledge,” PwC – The Next Move (September 2023)
• “EU decision lifts cloud over transatlantic data flows,” PwC – The Next Move (August 2023)

Presentations and Lectures

• “The Human-Centered Future: Implementing Responsible AI for HR,” (Co-presenter) IAPP Global AI Governance Summit (September 2025)
• “AI Crisis Simulation,” FPF Privacy Executive Network Annual Meeting (September 2025)
• “Top Privacy and Cybersecurity Issues for In-House Privacy Leaders,” (Moderator) 2nd Annual DC Privacy Forum, Future of Privacy Forum: Convening Top Voices in Governance in the Digital Age (June 2025)
• “DOJ Bulk Data Security Program,” (Moderator) FPF Advisory Board Meeting (June 2025)
• “Cross-Border Data Flows and Transfer Impact Assessments in Practice,” (Panelist) Venice Privacy Symposium (May 2025)
• “Global HR Data Privacy: AI, Compliance and Cross-Border Challenges,” (Moderator) Venice Privacy Symposium (May 2025)
• “Reinventing Privacy Work for a New Era,” (Co-presenter) IAPP Global Privacy Summit (April 2025)
• “Trademarks and Information Privacy Law,” (Lecturer) Penn State Dickinson School of Law (April 2025)
• “Navigating Demographic Measurement for Fairness and Equity,” (Moderator) FPF Privacy Papers for Policymakers (March 2025)
• “AI Governance Regulation,” (Participant) Wharton Business School, Data, Law & Ethics Colloquium (March 2025)
• “AI and Consumer Protection,” (Participant) EU Parliament Private Roundtable, Atlantic Council Europe Center (February 2025)
• “Transatlantic AI Task Force,” (Participant) Atlantic Council (October 2024 – March 2025)
• “AI Ethics,” (Panelist) Penn State Smeal Business School Impact Day (September 2024)
• “Digital Governance Leadership Roundtable,” (Participant) IAPP (September 2024)
• “Transfer Impact Assessments in Practice,” (Moderator) Venice Privacy Symposium (June 2024)
• “Executive Roundtables,” (Moderator) FPF Advisory Board Meetings (June 2024)
• “Privacy Executive Conference,” (Participant) IAPP Leadership Summit (June 2024)
• “Algorithmic Harms,” (Commentator/Moderator) Privacy Scholars Law Conference (May 2024)
• “Responsible AI Governance,” (Panelist) Privacy + Security Forum, DC (May 2024)
• “EU AI Act,” (Executive Roundtable) Atlantic Council and CIPL (April 2024)
• “AI Civil Rights – The Future of AI Governance,” (Executive Roundtable) NYU and New America (April 2024)
• “Cyber Attacks, AI Weaponry, and the Future of National Security Policy,” (Panelist) Annual National Security Conference (March 2024)
• “AI Governance,” (Panelist) William & Mary National Security Conference (March 2024)
• “AI Governance,” (Panelist) NCREIF Spring Conference, Phoenix (March 2024)
• “Responsible AI: Navigating AI Governance, Ethics and Risk in a Changing Regulatory World,” (Moderator) ICI Investment Management Conference, Palm Springs (March 2024)
• “AI and EU Regulations,” (Moderator) William & Mary Data & Democracy Conference (February 2024)
• “Competition and Cooperation in East Asia,” (Panelist) Global Research Institute on China, Williamsburg, VA (February 2024)
• “AI Impact Assessments,” (Panelist) Brussels Privacy Symposium (November 2023)
• “AI Governance,” (Guest Speaker & Roundtable Leader) ICI Chief Risk & Internal Audit Officers Joint Meeting, DC (November 2023)
• “Data Localization and AI,” (Executive Privacy Officer Roundtable) Sidley Austin, Brussels (November 2023)
• “AI Conformity Assessments,” (Executive Roundtable) Microsoft, Brussels (November 2023)
• “AI Governance Training,” (Roundtable Leader) IAPP AI Global Summit, Boston (November 2023)
• “AI Governance and National Security,” (Panelist) ABA National Security Conference, DC (November 2023)
• “Blueprint for an AI Bill of Rights – One Year Later,” (Roundtable Participant) New America/NYU/Georgetown, DC (October 2023)
• “AI Governance,” (Panelist) Financial Services Conference (PwC Global), New York (October 2023)
• “AI Governance,” (Panelist) Center for Democracy & Technology and William & Mary, DC (October 2023)
• “Responsible AI Governance,” (Panelist) National Association of Women Lawyers Annual Conference, Chicago (July 2023)
• “Privacy and AI Compliance,” (Panelist) Privacy + Security Forum, DC (May 2023)
• “AI Governance Training Forum Speaker,” IAPP Global Privacy Summit (April 2023)
• “AI for Privacy Professionals,” IAPP Privacy, Security, Risk Conference (October 2022)
• “The new transatlantic data privacy framework: What is it, and will it last?” (Panelist) Atlantic Council Europe Center (October 2022)
• “Privacy on the Inside: Addressing the Evolving US Landscape for Employee Privacy,” (Panelist) Privacy + Security Forum (May 2022)
• “Privacy in 2022: The Year Ahead,” (Panelist) TeachPrivacy Webinar (January 2022)
• “Accessibility by Design: A fresh approach to improve privacy and security, (Moderator) Executive Women Forum Webinar (September 2021)
• “Privacy Leaders Panel: Key Topics in Privacy Leadership Today,” (Panelist) Center for Democracy and Technology (June 2021)
• “Ask the Experts speak with Jane Allen and Jocelyn Aqua of PwC on Information Governance,” Ask The Experts Podcast ACC Northeast (June 2021)
• “Private Sector vs Public Sector Privacy: Key Similarities and Differences,” IAPP Global Privacy Summit (April 2021)
• “Digital Privacy & Security in a Connected World: Recommendations for the Next Administration,” (Panelist) Atlantic Council (October 2020)
• “Schrems II Initial Reactions with Daniel Solove, Justin Antonipillai, Gabriela Zanfir-Fortuna, Jocelyn Aqua, Ralf Sauer, and Bob Litt,” (Panelist) TeachPrivacy (July 2020)
• “Employee Contact Tracing: Privacy, Public Safety, and Data Ethics,” (Panelist) Privacy and Security Academy (May 2020)
• “ERM 2.0: Driving Business Strategy and Operations in Alignment with Privacy,” (Panelist) IAPP webinar (April 2020)
• “Privacy Impact Assessment: The Most Powerful Tool in Your Privacy Program Toolbox,” (Panelist) Privacy and Security Academy (October 2018)

Media Coverage

• Quoted in “AI Governance Gets Real: Tips From a Chat Platform on Building a Program,” Cybersecurity Law Report (October 2022)
• Featured in “AI Governance Gets Real: Core Compliance Strategies,” Cybersecurity Law Report (October 2022)
• Mentioned in “Privacy Executives Hope Trans-Atlantic Deal Withstands Court Challenges,” Wall Street Journal – Risk & Compliance Journal (October 2022)
• Featured in “How to Facilitate a Privacy Compliant Return to Work: Contact Tracing and Fund Manager Considerations (Part Three of Three),” Hedge Fund Law Report (May 2020)
• Featured in “Former US privacy officials say ‘not so fast’ on federal law,” IAPP (October 2019)
• Quoted in “The Cyber Risk of False Confidence,” InformationWeek (October 2017)
• Featured in “PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business,” CyberWire Daily Podcast (November 2017)

In the News

10/14/25 —

Firm News

HWG LLP Welcomes Partner Jocelyn Aqua to Lead the Firm’s Data, Privacy, and Cybersecurity Practice Group; Expands AI and Emerging Technologies Capabilities