Title: Automatic Obligation Enforcement for Privacy Policy Compliance Abstract It is becoming increasingly important for enterprises to have a well-defined privacy policy, to establish customer trust and to prevent misuse of privacy data and avoid litigation. Many standards exist for the publication of the privacy policy of an enterprise, which may be more complex than a simple 'allow' or 'deny' rule. The privacy policy may have rules that specify obligations to be executed in the case of certain data access. Currently these obligations are executed manually, with the inherent defects of not being scalable or auditable. In this paper, we discuss the architecture and technology for the automated execution of the obligations associated with a privacy policy that has been developed at IBM India Research Lab. We also present a prototype solution for the obligation enforcement, using IBM Content Manager as the data repository and IBM Record Manager for the obligation enforcement. The system also logs audit information and generates audit trails, to support auditing of the obligation enforcement. We also present a generic architecture for obligation execution associated with different kinds of policies.