Managing Versioned Consent
miaa Access has released the following features:
Record granular consents
Record granular consents in context and for a specific purpose. Each consent is managed as an object whose state represents its lifecycle. Consents are versioned and kept in a list, so any number of consent versions and types can be accommodated. The consent object is fully configurable and contains the source, the applicable policy and version, the purpose, jurisdiction and history.
Customise the consent lifecycle
Customise the contents of the consent object, i.e. the version and whether it’s a major or a minor update, the timestamp, the applicable policy text and the jurisdiction.
Enforce user’s consents
Using miaa PolicyGate, you can ensure that whenever user data is retrieved, the retrieval is subject to the user’s consent. Read access to a user’s profile can thus be made subject to purpose-specific consent from that user each time it is accessed.
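The sketch below is an added example, not miaa code or the miaa API: it models a versioned consent list and a read gate that releases profile data only when the latest consent for the requested purpose is granted. All class, function and field names are hypothetical, and it assumes that a major policy update requires re-consent while a minor one does not.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class ConsentVersion:            # hypothetical shape, not the miaa consent object
    purpose: str
    policy_version: tuple        # (major, minor) of the policy text consented to
    jurisdiction: str
    source: str
    state: str                   # "granted" or "withdrawn"
    timestamp: datetime

@dataclass
class Profile:
    user_id: str
    data: dict
    consents: list = field(default_factory=list)   # append-only history

    def record(self, purpose, policy_version, jurisdiction, source, state):
        self.consents.append(ConsentVersion(purpose, policy_version, jurisdiction,
                                            source, state, datetime.now(timezone.utc)))

    def current(self, purpose):
        """Return the latest consent version for a purpose, or None."""
        for c in reversed(self.consents):
            if c.purpose == purpose:
                return c
        return None

class ConsentRequired(Exception):
    """Raised when a read is attempted without valid consent."""

def read_profile(profile, purpose, policy_in_force):
    """Release profile data only if consent for this purpose is valid."""
    c = profile.current(purpose)
    if c is None or c.state != "granted":
        raise ConsentRequired(f"no active consent for {purpose!r}")
    # Assumption: a major policy update invalidates consent, a minor one does not.
    if c.policy_version[0] != policy_in_force[0]:
        raise ConsentRequired(f"consent predates policy v{policy_in_force[0]}")
    return dict(profile.data)    # copy, so callers cannot mutate the stored profile

def demo():
    # Constructed sample data for illustration only.
    p = Profile("u-1", {"email": "user@example.test"})
    p.record("newsletter", (1, 0), "EU", "web-form", "granted")
    released = read_profile(p, "newsletter", (1, 3))   # minor update: still valid
    p.record("newsletter", (1, 3), "EU", "web-form", "withdrawn")
    return released, p.current("newsletter").state, len(p.consents)
```

Withdrawal is recorded as a new version rather than by editing the earlier one, so the list doubles as the consent history.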
Offer true forget-me
Offer true forget-me flow via API. The flow will erase specific data in the user profile, keeping essential audit evidence. Using miaa ProfileSync, the forget-me request is also pushed to connected applications. A miaa HouseKeeper function shall delete the profile after a configurable expiration period.
The forget-me flow supports an optional user-confirmation cycle: a confirmation request is sent with a secure challenge and response, and the request token carries the action ‘confirm forget me’.