Congress passed a bill last year requiring each federal agency to appoint a chief privacy officer, but lawmakers failed to write a clear job description.
Although the legislation asked agencies to report to Congress on privacy violations and establish guidelines that are easy for the public to understand, it left the duties of the senior privacy official largely undefined.
Does the job require privacy officers to protect individual privacy? Is it the privacy officer's job to ensure compliance with privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA) and the Freedom of Information Act? Who should the privacy officer represent, the agency or the citizen, in cases involving conflicts or complaints?
Experts say that defining the role of federal privacy officers is a work in progress. In most cases, privacy officers have to learn how to balance the demands of security and privacy in an age of terrorism. Franklin Reeder, chairman of the federal Information Security and Privacy Advisory Board, said he has a few ideas for federal privacy officers' duties.
"The challenges facing the chief privacy officer are growing as a result of new technology and new information practices, like the growing use of third-party data," Reeder said.
He leads a board that advises the National Institute of Standards and Technology and the Office of Management and Budget on information security and privacy issues. The board is expected to discuss the role of federal chief privacy officers in a meeting this month. Its members will try to reach consensus on the responsibilities of privacy officers in the federal government.
Experts offered the following suggestions for privacy officers' job descriptions.
Represent the agency, not individual citizens
In the best of all worlds, federal privacy officers could represent their agencies and individual citizens, Reeder said. But privacy officers have a different role from privacy advocates.
Agencies need both, Reeder said. They need someone who administers the provisions of the Privacy Act and someone who is more of an advocate than an administrator.
Reeder added that protecting individual privacy rights supports agencies "because you are helping them comply with the law."
Paul Rosenzweig, chairman of the Homeland Security Department's Privacy Committee and a senior legal research fellow at the Heritage Foundation, said federal privacy officers have been cast in a complicated role.
"The ideal privacy officer doesn't choose between the agency and the public," Rosenzweig said. "In the end, he works for the executive branch."