Hugo Teufel III – Raytheon

As if helping the company navigate the challenges of social distancing and a freefalling economy weren’t enough, Hugo Teufel III has addressed privacy issues associated with one of the largest mergers in American history: that of the Raytheon Company and United Technologies Corporation.

Hugo Teufel III | Chief Privacy Counsel | Raytheon | Photo credit: John Choe

Completed in April, the $135 billion deal created the world’s second-largest aerospace and defense company. Teufel, for his part, built a global privacy compliance program for the Fortune 200 company, home (or office) to more than 60,000 employees. His task: merging the program with UTC’s.

“We’re living in a history-making period,” Teufel says. “Addressing COVID-19 required significant bandwidth in recent weeks, but we’re continuing the integration process.”

While Teufel has since moved on, joining telecom giant CenturyLink this past July, his six-year stint at Raytheon—culminating in the historic merger—proved to be an invaluable learning experience.

Two forces unite

For Teufel and his counterpart, the most pressing challenges stemming from the merger involved integrating similar compliance programs and the vast troves of data—while also protecting personal information. During the pre-closing phase, the two companies analyzed what data each could share with the other. Post-closing, they must consider players within the new corporate structure.

“Understanding the data, its purpose and legal basis for processing the data are fundamental to privacy compliance, but with added stakes given the high-profile merger,” he says. That keeps Teufel busy working with his counterpart at UTC on privacy matters. Together, they’ll be building a joint program and corresponding training.

“During the pre-closing phase, we had to think things through and make sure we’re not oversharing,” Teufel says. “Knitting things together takes time,” he adds. And by “knitting,” Teufel’s talking about harmonizing terminology and policies, aligning people and functions at the corporate and business levels, and addressing cross-border transfers.

UTC has Binding Corporate Rules under the General Data Protection Regulation; Raytheon is certified under the EU/U.S. Privacy Shield Framework. There are also internal controls that each company uses to assess compliance and risk.

COVID complexities

In a pre-COVID world, integrating two massive companies would’ve involved traveling between locations and face-to-face meetings.  Instead, technology such as Zoom, Webex and Skype are being used, but privacy and safety concerns still exist, especially when the sensitive nature of work hinges on national defense and security matters.

COVID, too, raises a litany of questions relating to the use of personal information—everything from what constitutes an essential worker to employee and contractor screening at facilities conducting essential businesses. “This is unprecedented and increases demands on us,” Teufel says. “It’s a changing landscape with evolving requirements globally.”

Hugo Teufel III with paralegal Elaine Chin | Photo credit: John Choe

He says OneTrust, a privacy, security and trust technology company, helps with that. Working together, the two companies were able to take a manual process of privacy impact assessments and data mapping projects and automate it, streamlining it across Raytheon’s global operations.

“Hugo’s work at Raytheon is a great case study of what a global privacy program should be, and we’re proud to play a part in that work,” says OneTrust CEO and Fellow of Information Privacy (FIP), Kabir Barday.

Jam-packed

For Teufel, gaining a global perspective—both educationally and experientially—started after graduating from Denver’s Lutheran High School. His education (and career) would take him around the world from Germany to Latin America and the Asia-Pacific region.

In college, Teufel traveled to Germany for German history and language studies through Georgetown University’s program at the Universität Trier in Tarforst. Then, he earned a bachelor’s degree in economics and a minor in German from Metropolitan State University of Denver.

Degree in hand, he headed to Washington, D.C., where he would earn his J.D. from the American University Washington College of Law, getting his first taste of international relations in the field of national security law. Later he would earn a master’s in national security and strategic studies from the U.S. Naval War College.

After legal positions in the Denver area—as deputy solicitor general at the Colorado Office of the Attorney General and as special counsel at Hall & Evans—Teufel headed back to Washington in 2001.

His friend and former boss, Secretary of the Interior Gale Norton, tapped Teufel for a post as associate solicitor for general law at the Interior Department. In 2004, he moved to the Department of Homeland Security.

Serving at the DHS for five years, he was immersed in privacy issues, first as the associate general counsel for general law before being bumped up by Secretary Chertoff to chief privacy officer in 2006.

“It was ‘baptism by fire’ when I accepted the role of CPO at the department. I gained a tremendous amount of international policy experience in the role, working with EU privacy regulators, members of the European Parliament, staff at the European Commission, Latin American privacy regulators, and privacy advocacy groups, too,” Teufel says.

Understanding the mindset

The roles that followed gave him another perspective on international law. Teufel held several positions at the Office of the Special Inspector General for Afghanistan Reconstruction, and then served in uniform as a senior advisor at the Defense Department’s Periodic Review Secretariat. He was a judge advocate in the D.C. Army National Guard traveling to Europe and the Caribbean.

Teufel wanted to get back to privacy and international law. He got his chance at Raytheon in 2014, as its first full-time privacy professional, traveling to Australia, Korea, Ireland, the United Kingdom and elsewhere in Europe.

Hugo Teufel III with paralegal Elaine Chin | Photo credit: John Choe

“Raytheon’s core has been aerospace and defense, both in the U.S. and abroad,” he says. “It worked out well, as I understand the government and military communities.”

Now, he’s getting a chance to leverage his experience and expertise to help another Fortune500 company: telecom giant CenturyLink. Hired in July, Teufel wasted no time putting his talents to work, diving into everything from privacy and security issues to IT and sales.

But while the corporate landscape might be different, the challenge is anything but.

“Building an effective global privacy compliance program is critical,” he says. “We live in a global information society and economy. Our customers, business partners and employees demand we protect their personal information.”