@tantainnovative/ndpr-toolkit 1.0.2 → 1.0.3

package/packages/ndpr-toolkit/src/types/breach.ts

@@ -0,0 +1,283 @@
+/**
+ * Represents a data breach category
+ */
+export interface BreachCategory {
+  /**
+   * Unique identifier for the category
+   */
+  id: string;
+  
+  /**
+   * Display name for the category
+   */
+  name: string;
+  
+  /**
+   * Description of this breach category
+   */
+  description: string;
+  
+  /**
+   * Default severity level for this category
+   */
+  defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
+}
+
+/**
+ * Represents a data breach report
+ */
+export interface BreachReport {
+  /**
+   * Unique identifier for the breach report
+   */
+  id: string;
+  
+  /**
+   * Title/summary of the breach
+   */
+  title: string;
+  
+  /**
+   * Detailed description of the breach
+   */
+  description: string;
+  
+  /**
+   * Category of the breach
+   */
+  category: string;
+  
+  /**
+   * Timestamp when the breach was discovered
+   */
+  discoveredAt: number;
+  
+  /**
+   * Timestamp when the breach occurred (if known)
+   */
+  occurredAt?: number;
+  
+  /**
+   * Timestamp when the breach was reported internally
+   */
+  reportedAt: number;
+  
+  /**
+   * Person who reported the breach
+   */
+  reporter: {
+    name: string;
+    email: string;
+    department: string;
+    phone?: string;
+  };
+  
+  /**
+   * Systems or data affected by the breach
+   */
+  affectedSystems: string[];
+  
+  /**
+   * Types of data involved in the breach
+   */
+  dataTypes: string[];
+  
+  /**
+   * Estimated number of data subjects affected
+   */
+  estimatedAffectedSubjects?: number;
+  
+  /**
+   * Whether the breach is ongoing or contained
+   */
+  status: 'ongoing' | 'contained' | 'resolved';
+  
+  /**
+   * Initial actions taken to address the breach
+   */
+  initialActions?: string;
+  
+  /**
+   * Attachments related to the breach (e.g., screenshots, logs)
+   */
+  attachments?: Array<{
+    id: string;
+    name: string;
+    type: string;
+    url: string;
+    addedAt: number;
+  }>;
+}
+
+/**
+ * Represents a risk assessment for a data breach
+ */
+export interface RiskAssessment {
+  /**
+   * Unique identifier for the risk assessment
+   */
+  id: string;
+  
+  /**
+   * ID of the breach this assessment is for
+   */
+  breachId: string;
+  
+  /**
+   * Timestamp when the assessment was conducted
+   */
+  assessedAt: number;
+  
+  /**
+   * Person who conducted the assessment
+   */
+  assessor: {
+    name: string;
+    role: string;
+    email: string;
+  };
+  
+  /**
+   * Confidentiality impact (1-5)
+   */
+  confidentialityImpact: number;
+  
+  /**
+   * Integrity impact (1-5)
+   */
+  integrityImpact: number;
+  
+  /**
+   * Availability impact (1-5)
+   */
+  availabilityImpact: number;
+  
+  /**
+   * Likelihood of harm to data subjects (1-5)
+   */
+  harmLikelihood: number;
+  
+  /**
+   * Severity of potential harm to data subjects (1-5)
+   */
+  harmSeverity: number;
+  
+  /**
+   * Overall risk score
+   */
+  overallRiskScore: number;
+  
+  /**
+   * Risk level based on the overall score
+   */
+  riskLevel: 'low' | 'medium' | 'high' | 'critical';
+  
+  /**
+   * Whether the breach is likely to result in a risk to the rights and freedoms of data subjects
+   */
+  risksToRightsAndFreedoms: boolean;
+  
+  /**
+   * Whether the breach is likely to result in a high risk to the rights and freedoms of data subjects
+   */
+  highRisksToRightsAndFreedoms: boolean;
+  
+  /**
+   * Justification for the risk assessment
+   */
+  justification: string;
+}
+
+/**
+ * Represents notification requirements for a data breach
+ */
+export interface NotificationRequirement {
+  /**
+   * Whether NITDA notification is required
+   */
+  nitdaNotificationRequired: boolean;
+  
+  /**
+   * Deadline for NITDA notification (72 hours from discovery)
+   */
+  nitdaNotificationDeadline: number;
+  
+  /**
+   * Whether data subject notification is required
+   */
+  dataSubjectNotificationRequired: boolean;
+  
+  /**
+   * Justification for the notification decision
+   */
+  justification: string;
+}
+
+/**
+ * Represents a notification sent to NITDA
+ */
+export interface RegulatoryNotification {
+  /**
+   * Unique identifier for the notification
+   */
+  id: string;
+  
+  /**
+   * ID of the breach this notification is for
+   */
+  breachId: string;
+  
+  /**
+   * Timestamp when the notification was sent
+   */
+  sentAt: number;
+  
+  /**
+   * Method used to send the notification
+   */
+  method: 'email' | 'portal' | 'letter' | 'other';
+  
+  /**
+   * Reference number assigned by NITDA (if available)
+   */
+  referenceNumber?: string;
+  
+  /**
+   * Contact person at NITDA
+   */
+  nitdaContact?: {
+    name: string;
+    email: string;
+    phone?: string;
+  };
+  
+  /**
+   * Content of the notification
+   */
+  content: string;
+  
+  /**
+   * Attachments included with the notification
+   */
+  attachments?: Array<{
+    id: string;
+    name: string;
+    type: string;
+    url: string;
+  }>;
+  
+  /**
+   * Follow-up communications with NITDA
+   */
+  followUps?: Array<{
+    timestamp: number;
+    direction: 'sent' | 'received';
+    content: string;
+    attachments?: Array<{
+      id: string;
+      name: string;
+      type: string;
+      url: string;
+    }>;
+  }>;
+}

package/packages/ndpr-toolkit/src/types/consent.ts

@@ -0,0 +1,111 @@
+/**
+ * Represents a consent option that can be presented to users
+ */
+export interface ConsentOption {
+  /**
+   * Unique identifier for the consent option
+   */
+  id: string;
+  
+  /**
+   * Display label for the consent option
+   */
+  label: string;
+  
+  /**
+   * Detailed description of what this consent option covers
+   */
+  description: string;
+  
+  /**
+   * Whether this consent option is required (cannot be declined)
+   */
+  required: boolean;
+  
+  /**
+   * Default state of the consent option
+   * @default false
+   */
+  defaultValue?: boolean;
+}
+
+/**
+ * Represents the user's consent settings
+ */
+export interface ConsentSettings {
+  /**
+   * Map of consent option IDs to boolean values indicating consent status
+   */
+  consents: Record<string, boolean>;
+  
+  /**
+   * Timestamp when consent was last updated
+   */
+  timestamp: number;
+  
+  /**
+   * Version of the consent form that was accepted
+   */
+  version: string;
+  
+  /**
+   * Method used to collect consent (e.g., "banner", "settings", "api")
+   */
+  method: string;
+  
+  /**
+   * Whether the user has actively made a choice (as opposed to default settings)
+   */
+  hasInteracted: boolean;
+}
+
+/**
+ * Represents the storage mechanism for consent settings
+ */
+export interface ConsentStorageOptions {
+  /**
+   * Storage key for consent settings
+   * @default "ndpr_consent"
+   */
+  storageKey?: string;
+  
+  /**
+   * Storage type to use
+   * @default "localStorage"
+   */
+  storageType?: 'localStorage' | 'sessionStorage' | 'cookie';
+  
+  /**
+   * Cookie options (only used when storageType is "cookie")
+   */
+  cookieOptions?: {
+    /**
+     * Domain for the cookie
+     */
+    domain?: string;
+    
+    /**
+     * Path for the cookie
+     * @default "/"
+     */
+    path?: string;
+    
+    /**
+     * Expiration days for the cookie
+     * @default 365
+     */
+    expires?: number;
+    
+    /**
+     * Whether the cookie should be secure
+     * @default true
+     */
+    secure?: boolean;
+    
+    /**
+     * SameSite attribute for the cookie
+     * @default "Lax"
+     */
+    sameSite?: 'Strict' | 'Lax' | 'None';
+  };
+}

package/packages/ndpr-toolkit/src/types/dpia.ts

@@ -0,0 +1,236 @@
+/**
+ * Represents a question in the DPIA questionnaire
+ */
+export interface DPIAQuestion {
+  /**
+   * Unique identifier for the question
+   */
+  id: string;
+  
+  /**
+   * The text of the question
+   */
+  text: string;
+  
+  /**
+   * Additional guidance for answering the question
+   */
+  guidance?: string;
+  
+  /**
+   * Type of input required for the answer
+   */
+  type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
+  
+  /**
+   * Options for select, radio, or checkbox questions
+   */
+  options?: Array<{
+    value: string;
+    label: string;
+    riskLevel?: 'low' | 'medium' | 'high';
+  }>;
+  
+  /**
+   * For scale questions, the minimum value
+   */
+  minValue?: number;
+  
+  /**
+   * For scale questions, the maximum value
+   */
+  maxValue?: number;
+  
+  /**
+   * For scale questions, labels for the scale points
+   */
+  scaleLabels?: Record<number, string>;
+  
+  /**
+   * Whether the question is required
+   */
+  required: boolean;
+  
+  /**
+   * Risk level associated with this question
+   */
+  riskLevel?: 'low' | 'medium' | 'high';
+  
+  /**
+   * Whether this question triggers additional questions based on the answer
+   */
+  hasDependentQuestions?: boolean;
+  
+  /**
+   * Conditions that determine when this question should be shown
+   */
+  showWhen?: Array<{
+    questionId: string;
+    operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
+    value: any;
+  }>;
+}
+
+/**
+ * Represents a section in the DPIA questionnaire
+ */
+export interface DPIASection {
+  /**
+   * Unique identifier for the section
+   */
+  id: string;
+  
+  /**
+   * Title of the section
+   */
+  title: string;
+  
+  /**
+   * Description of the section
+   */
+  description?: string;
+  
+  /**
+   * Questions in this section
+   */
+  questions: DPIAQuestion[];
+  
+  /**
+   * Order of the section in the questionnaire
+   */
+  order: number;
+}
+
+/**
+ * Represents a risk identified in the DPIA
+ */
+export interface DPIARisk {
+  /**
+   * Unique identifier for the risk
+   */
+  id: string;
+  
+  /**
+   * Description of the risk
+   */
+  description: string;
+  
+  /**
+   * Likelihood of the risk occurring (1-5)
+   */
+  likelihood: number;
+  
+  /**
+   * Impact if the risk occurs (1-5)
+   */
+  impact: number;
+  
+  /**
+   * Overall risk score (likelihood * impact)
+   */
+  score: number;
+  
+  /**
+   * Risk level based on the score
+   */
+  level: 'low' | 'medium' | 'high' | 'critical';
+  
+  /**
+   * Measures to mitigate the risk
+   */
+  mitigationMeasures?: string[];
+  
+  /**
+   * Whether the risk has been mitigated
+   */
+  mitigated: boolean;
+  
+  /**
+   * Residual risk score after mitigation
+   */
+  residualScore?: number;
+  
+  /**
+   * Questions that identified this risk
+   */
+  relatedQuestionIds: string[];
+}
+
+/**
+ * Represents the result of a completed DPIA
+ */
+export interface DPIAResult {
+  /**
+   * Unique identifier for the DPIA
+   */
+  id: string;
+  
+  /**
+   * Title of the DPIA
+   */
+  title: string;
+  
+  /**
+   * Description of the processing activity being assessed
+   */
+  processingDescription: string;
+  
+  /**
+   * Timestamp when the DPIA was started
+   */
+  startedAt: number;
+  
+  /**
+   * Timestamp when the DPIA was completed
+   */
+  completedAt?: number;
+  
+  /**
+   * Person responsible for conducting the DPIA
+   */
+  assessor: {
+    name: string;
+    role: string;
+    email: string;
+  };
+  
+  /**
+   * Answers to all questions in the DPIA
+   */
+  answers: Record<string, any>;
+  
+  /**
+   * Risks identified in the DPIA
+   */
+  risks: DPIARisk[];
+  
+  /**
+   * Overall risk level of the processing activity
+   */
+  overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+  
+  /**
+   * Whether the DPIA concluded that the processing can proceed
+   */
+  canProceed: boolean;
+  
+  /**
+   * Reasons why the processing can or cannot proceed
+   */
+  conclusion: string;
+  
+  /**
+   * Recommendations for the processing activity
+   */
+  recommendations?: string[];
+  
+  /**
+   * Next review date for the DPIA
+   */
+  reviewDate?: number;
+  
+  /**
+   * Version of the DPIA questionnaire used
+   */
+  version: string;
+}