Managing Versioned Consent

miaa Access provides a rich API to manage the lifecycle of consents in relation to versioned policies. Policies include an enterprise’s Terms of Service and a Privacy Policy. The API provides full versioning of the consents as well as traceability about where and when the person gave their consent and about the language, territory and version of the policy. miaa Access thus enables your organisation to control the versioning of policies and the freshness of the consents of individual users.

miaa Access has released following features:

Record granular consents

Record granular consents in context and for a specific purpose. Consents are managed as objects with state to represent its lifecycle. Consents are versioned and put in a list so as to accommodate any number of consent versions and types. The consent object is fully configurable and contains the source, the applicable policy and version, the purpose, jurisdiction and history.

Customise the consent lifecycle

Customise the contents of the consent object i.e. the version and whether it’s a major or a minor update, the timestamp, the applicable policy text and the jurisdiction.

Enforce user’s consents

Using miaa PolicyGate, you can ensure that whenever user data is retrieved, this is made subject to the user’s consent. As such, read access to a user’s profile can be made subject to purpose-specific consent from that user, whenever it is accessed.

Offer true forget-me

Offer true forget-me flow via API. The flow will erase specific data in the user profile, keeping essential audit evidence. Using miaa ProfileSync, the forget-me request is also pushed to connected applications. A miaa HouseKeeper function shall delete the profile after a configurable expiration period.

The forget-me flow supports an optional user-confirmation cycle, by sending a confirmation request with a secure challenge & response, with the action ‘confirm forget me’ in the request token.