New DHS privacy chief: I'll speak out if necessary

Hugo Teufel, the Homeland Security Department's new chief privacy officer, said Wednesday that while he sees his position as that of an internal adviser, he also is an ombudsman who must sometimes say publicly that the department erred.

"It's important to have someone in this position that can go to the deputy secretary or the secretary and say, 'That's probably not a good idea,' " Teufel told Government Executive in an interview. "If I thought something were amiss, I would advise the deputy secretary and the secretary. And I would not hesitate to do so."

But Teufel said because he serves in the executive branch, he would not go to Congress with his concerns. The office will comply with a 2002 Homeland Security Act requirement for the chief privacy officer to report to Congress annually, through issuing an annual report, he said. Last year's report has yet to be delivered and is now in the final review stages.

Teufel said he has the independence necessary to perform the job and can speak his mind to DHS Secretary Michael Chertoff, who has confidence in his abilities.

Previously the department's associate general counsel, Teufel is DHS' second permanent privacy chief. He will be responsible for protecting personal information handled by the department and ensuring compliance with a vast array of privacy-related laws, including the Freedom of Information Act, the Privacy Act and laws restricting the use of Social Security numbers.

Reducing the Freedom of Information Act backlog across the department, particularly at the Citizenship and Immigration Services agency, which is responsible for 80 to 85 percent of the department's logjam, will be a top priority, Teufel said.

Other items high on his list include ensuring that information sharing protects privacy and making sure technologies such as radio frequency identitification devices comply with privacy laws.

"I am looking forward to making use of my experience at the department in order to make the office more effective and get the office more plugged in earlier with the various programs that our offices are involved in that impact privacy," Teufel said.

He has been with the department for two and a half years and previously served as the associate solicitor at the Interior Department with then-Secretary Gale Norton. Before that, Teufel was the deputy solicitor general for the state of Colorado, where Norton was the state's attorney general.

Teufel said he has 15 years of legal experience involving FOIA and the Privacy Act, but privacy advocates have said his appointment was surprising because of what appears as a lack of experience in privacy law and management. As the DHS chief privacy officer, Teufel will manage an office of 30 employees as well as coordinate with a team of about 400 Freedom of Information Act and privacy officers across DHS.

While Teufel is not a Certified Information Privacy Professional -- a certification demonstrating the mastery of a standard body of knowledge relating to privacy law -- he said he plans to sit for the two-hour test as soon as soon as it is administered in the Washington, D.C., area.

Others found Teufel's experience with privacy issues lacking. They cited the experience of Maureen Cooney -- who left DHS Friday for a private sector law firm after serving for 10 months as acting chief privacy officer -- and the person she replaced, Nuala O'Connor Kelly. Cooney worked for more than a decade on international privacy issues and O'Connor Kelly was the chief privacy officer at the Commerce Department and at a private company before moving to DHS.

Sen. Ron Wyden, D-Ore., a noted advocate for privacy matters, said when he pushed DHS to appoint a chief privacy officer, he hoped that the position would be filled by someone with significant experience in the privacy field.

"Mr. Teufel does not appear to have that kind of background," Wyden said in a statement.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said he does not believe Teufel is "qualified to take the job as the most important privacy official in the government."

"He's clearly worked for the secretary and while some have said that'll be a good thing, I don't think a former assistant to the secretary can have the independence and the ability to push back," Rotenberg said.

But Bob Gellman, former chief counsel to the House Government Operations Committee Subcommittee on Information, Justice, Transportation and Agriculture, said a lack of experience would "not necessarily [be] a terrible thing."

"Privacy is not rocket science," Gellman said. "You don't need 25 years of experience."

In a July 25 letter to Chertoff, House Homeland Security Committee Ranking Member Bennie Thompson, D- Miss., said he had a "deep concern" over Teufel's selection as chief privacy officer, not only for his lack of experience but for his past job advocating for the department's policies.

Thompson also cited the release of documents containing the personal information, including names, Social Security numbers and driver's license numbers, of employees from Shirlington Limousine from Teufel's office in response to a request from the committee that was investigating the firm in relation to the scandal involving Rep. Randy (Duke) Cunningham, R-Calif.

Teufel told Government Executive that his office was simply trying to comply with the committee's request, did not break any laws and made it clear sensitive information was included in the documents delivered to the committee.