IBM has developed a programming language for building software that automatically enforces privacy rules. The vendor, which unveiled the new Enterprise Privacy Authorization Language (EPAL) on Wednesday at the Catalyst Conference in San Francisco, says the language is more sophisticated than current privacy technology, including the Platform for Privacy Preferences Project (P3P) specifications.

IBM intends to promote EPAL as an industry standard, although the company hasn't determined which standards body it will submit the language to later this year. A draft specification of the language is available here.

XML-based P3P is designed only to communicate privacy policies between machines, such as the P3P capabilities built into Microsoft's Explorer Web browser that determines whether a Web site's privacy policy matches a user's privacy preferences. EPAL helps developers translate written privacy policies into machine-readable code and build those policies into customer-relationship management applications, portals, and other software. It also automates the enforcement of those policies between applications and databases, says Steve Adler, market manager for IBM Tivoli security software.

An EPAL health-care application, for example, can include a policy that lets doctors see patient records only if they are the patient's primary-care physician and the patient is notified in advance. The application then enforces that policy by controlling the interactions between the application and the database with the patient records.

"We think this is the future of privacy management," Adler says. IBM's Tivoli Privacy Manager software, available since October, provides privacy enforcement capabilities, but Adler says the language is designed for broader usage.