diff --git a/ai_governance/report_generator.py b/ai_governance/report_generator.py
index 3b41cbd..b56fa02 100644
--- a/ai_governance/report_generator.py
+++ b/ai_governance/report_generator.py
@@ -117,6 +117,7 @@ class ReportGenerator:
 privacy = self.risk_results.get('privacy_risks', {})
 return {
+ 'pii_detected': privacy.get('pii_detected', []), # Include full PII detections array
 'pii_count': len(privacy.get('pii_detected', [])),
 'anonymization_level': privacy.get('anonymization_level', 'UNKNOWN'),
 'exposure_risk_count': len(privacy.get('exposure_risks', [])),
diff --git a/api/routers/analyze.py b/api/routers/analyze.py
index 287934f..288c186 100644
--- a/api/routers/analyze.py
+++ b/api/routers/analyze.py
@@ -123,10 +123,14 @@ async def analyze_dataset(file: UploadFile = File(...)):
 },
 "risk_assessment": {
 "overall_risk_score": risk_assessment.get("overall_risk_score", 0),
- "privacy_risks": risk_assessment.get("privacy_risks", []),
- "ethical_risks": risk_assessment.get("ethical_risks", []),
- "compliance_risks": risk_assessment.get("risk_categories", {}).get("compliance_risks", []),
- "data_quality_risks": risk_assessment.get("risk_categories", {}).get("data_quality_risks", [])
+ "risk_level": risk_assessment.get("risk_level", "LOW"),
+ "presidio_enabled": risk_assessment.get("presidio_enabled", False),
+ "privacy_risks": risk_assessment.get("privacy_risks", {}),
+ "ethical_risks": risk_assessment.get("ethical_risks", {}),
+ "compliance_risks": risk_assessment.get("compliance_risks", {}),
+ "risk_categories": risk_assessment.get("risk_categories", {}),
+ "violations": risk_assessment.get("violations", []),
+ "insights": risk_assessment.get("insights", [])
 },
 "recommendations": report.get("recommendations", []),
 "report_file": f"/{report_path}",
diff --git a/frontend/components/try/CenterPanel.tsx b/frontend/components/try/CenterPanel.tsx
index db06475..cd51226 100644
--- a/frontend/components/try/CenterPanel.tsx
+++ b/frontend/components/try/CenterPanel.tsx
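Review bot: The new `'pii_detected'` entry copies the detector's records into the persisted report verbatim, so anything each record carries beyond the fields the UI reads (`column`, `type`, `severity`, `detection_method`, `confidence`, `occurrences`) — matched sample text, if the detector emits any — is now written to the report file as well; project the list onto the fields the report needs instead of passing the whole dict through, assuming each record is a dict as the surrounding `.get` calls suggest. The same `privacy.get('pii_detected', [])` expression is then evaluated twice, once here and once for `'pii_count'`; bind it once. The enclosing method of `ReportGenerator` starts before the hunk.
```python
        privacy = self.risk_results.get('privacy_risks', {})
        # Only the fields report consumers read; detector records may carry more than this.
        pii_fields = ('column', 'type', 'severity', 'detection_method', 'confidence', 'occurrences')
        detections = privacy.get('pii_detected', [])
        return {
            'pii_detected': [{k: d[k] for k in pii_fields if k in d} for d in detections],
            'pii_count': len(detections),
            # … unchanged: anonymization_level, exposure_risk_count …
```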
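Review bot: The response schema changes silently in this hunk: `privacy_risks`, `ethical_risks` and `compliance_risks` now default to `{}` where they defaulted to `[]`, `compliance_risks` is read from the top level instead of `risk_categories`, and `data_quality_risks` disappears as a top-level key, yet nothing documents the new shape for API clients. If the old key is still consumed anywhere, keep it next to the new `risk_categories` passthrough: `"data_quality_risks": risk_assessment.get("risk_categories", {}).get("data_quality_risks", []),`. The added keys also forward `risk_categories`, `violations` and `insights` from the assessment untouched, so a comment such as `# Mirrors risk_assessment wholesale: any field the assessor adds becomes client-visible` would record that as a deliberate choice rather than an accident. `analyze_dataset` starts before the hunk.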
@@ -679,29 +679,113 @@ export function CenterPanel({ tab, onAnalyze }: CenterPanelProps) { ⚠️ Fairness Violations Detected -
- {analyzeResult.bias_metrics.violations_detected.map((violation: any, i: number) => ( -
-
- - {violation.severity} - -
-
{violation.attribute}: {violation.metric}
-
{violation.message}
- {violation.details && ( -
- {violation.details} +
+ {analyzeResult.bias_metrics.violations_detected.map((violation: any, i: number) => { + // Map bias violations to relevant GDPR articles + const gdprArticles = [ + { + article: 'Article 5(1)(a) - Lawfulness, Fairness, and Transparency', + explanation: 'Personal data must be processed fairly. Algorithmic bias violates the fairness principle.' + }, + { + article: 'Article 22 - Automated Decision-Making', + explanation: 'Individuals have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, especially if discriminatory.' + }, + { + article: 'Recital 71 - Safeguards Against Discrimination', + explanation: 'Automated decision-making should not be based on special categories of data and should include safeguards to prevent discriminatory effects.' + } + ]; + + // Add ECOA if dealing with credit/lending + const isCredit = violation.attribute && ( + violation.attribute.toLowerCase().includes('credit') || + violation.attribute.toLowerCase().includes('loan') || + violation.attribute.toLowerCase().includes('income') + ); + + return ( +
+ {/* Violation Header */} +
+ + {violation.severity} + +
+
+ {violation.attribute}: {violation.metric}
- )} +
{violation.message}
+
+
+ + {/* Violation Details */} + {violation.details && ( +
+
📊 TECHNICAL DETAILS
+
{violation.details}
+
+ )} + + {/* GDPR Articles Violated */} +
+
+ ⚖️ + GDPR ARTICLES VIOLATED +
+
+ {gdprArticles.map((gdpr, idx) => ( +
+
{gdpr.article}
+
{gdpr.explanation}
+
+ ))} + {isCredit && ( +
+
ECOA (Equal Credit Opportunity Act)
+
+ Prohibits discrimination in credit decisions based on protected characteristics. This bias violation may constitute illegal discrimination. +
+
+ )} +
+
+ + {/* Recommendations */} +
+
✓ RECOMMENDED ACTIONS
+
    +
  • + + Investigate and remediate bias in the {violation.attribute} attribute +
  • +
  • + + Implement fairness constraints during model training +
  • +
  • + + Consider rebalancing dataset or applying bias mitigation techniques +
  • +
  • + + Document fairness assessment in GDPR Article 35 DPIA (Data Protection Impact Assessment) +
  • + {violation.severity === 'HIGH' && ( +
  • + + URGENT: This high-severity violation requires immediate attention before deployment +
  • + )} +
-
- ))} + ); + })}
)} @@ -892,101 +976,515 @@ export function CenterPanel({ tab, onAnalyze }: CenterPanelProps) {
- {/* Privacy Risks - PII Detection */} - {analyzeResult.risk_assessment.privacy_risks && ( -
-
- 🔒 -

Privacy Risks

- - {typeof analyzeResult.risk_assessment.privacy_risks === 'object' && !Array.isArray(analyzeResult.risk_assessment.privacy_risks) - ? (analyzeResult.risk_assessment.privacy_risks.pii_count || 0) - : (Array.isArray(analyzeResult.risk_assessment.privacy_risks) ? analyzeResult.risk_assessment.privacy_risks.length : 0)} PII Types - -
- - {/* PII Detections - Handle both object and array formats */} - {(typeof analyzeResult.risk_assessment.privacy_risks === 'object' && - !Array.isArray(analyzeResult.risk_assessment.privacy_risks) && - analyzeResult.risk_assessment.privacy_risks.pii_detected && - analyzeResult.risk_assessment.privacy_risks.pii_detected.length > 0) ? ( -
-
- {analyzeResult.risk_assessment.privacy_risks.pii_detected.slice(0, 6).map((pii: any, idx: number) => ( -
-
- - {pii.column} - - - {pii.severity} - -
-
- {pii.type} -
-
- Detected via: {pii.detection_method} - {pii.confidence && ` (${(pii.confidence * 100).toFixed(0)}% confidence)`} -
-
- ))} -
- - {/* Privacy Metrics */} - {typeof analyzeResult.risk_assessment.privacy_risks === 'object' && - !Array.isArray(analyzeResult.risk_assessment.privacy_risks) && ( -
-
-
Re-ID Risk
-
- {analyzeResult.risk_assessment.privacy_risks.reidentification_risk - ? (analyzeResult.risk_assessment.privacy_risks.reidentification_risk * 100).toFixed(0) - : 0}% -
-
-
-
Data Minimization
-
- {analyzeResult.risk_assessment.privacy_risks.data_minimization_score - ? (analyzeResult.risk_assessment.privacy_risks.data_minimization_score * 100).toFixed(0) - : 0}% -
-
-
-
Anonymization
-
- {analyzeResult.risk_assessment.privacy_risks.anonymization_level || 'N/A'} -
-
-
-
Detection
-
- {analyzeResult.risk_assessment.privacy_risks.detection_method || 'Auto'} -
-
-
- )} -
- ) : ( -
- ✓ No PII detected in the dataset -
- )} + {/* Risky Features Analysis - Feature-Level Risk Display */} + {analyzeResult.risk_assessment.privacy_risks && ( +
+
+ ⚠️ +

Risky Features & Columns

+ + {typeof analyzeResult.risk_assessment.privacy_risks === 'object' && !Array.isArray(analyzeResult.risk_assessment.privacy_risks) + ? (analyzeResult.risk_assessment.privacy_risks.pii_count || 0) + : (Array.isArray(analyzeResult.risk_assessment.privacy_risks) ? analyzeResult.risk_assessment.privacy_risks.length : 0)} Risky Features Found +
- )} - {/* Violations Section with Enhanced Design */} + {/* Risky Features List */} + {(typeof analyzeResult.risk_assessment.privacy_risks === 'object' && + !Array.isArray(analyzeResult.risk_assessment.privacy_risks) && + analyzeResult.risk_assessment.privacy_risks.pii_detected && + analyzeResult.risk_assessment.privacy_risks.pii_detected.length > 0) ? ( +
+ {/* Privacy Risk Metrics Summary */} +
+
+
Re-Identification Risk
+
0.7 ? 'text-red-600' : + (analyzeResult.risk_assessment.privacy_risks.reidentification_risk || 0) > 0.4 ? 'text-orange-600' : + 'text-green-600' + }`}> + {analyzeResult.risk_assessment.privacy_risks.reidentification_risk + ? (analyzeResult.risk_assessment.privacy_risks.reidentification_risk * 100).toFixed(0) + : 0}% +
+
Can individuals be identified?
+
+
+
Data Minimization
+
0.7 ? 'text-green-600' : + (analyzeResult.risk_assessment.privacy_risks.data_minimization_score || 0) > 0.4 ? 'text-orange-600' : + 'text-red-600' + }`}> + {analyzeResult.risk_assessment.privacy_risks.data_minimization_score + ? (analyzeResult.risk_assessment.privacy_risks.data_minimization_score * 100).toFixed(0) + : 0}% +
+
Collecting only necessary data
+
+
+
Anonymization Level
+
+ {analyzeResult.risk_assessment.privacy_risks.anonymization_level || 'NONE'} +
+
Protection applied
+
+
+
Detection Method
+
+ {analyzeResult.risk_assessment.privacy_risks.detection_method || 'Auto'} +
+
Analysis engine used
+
+
+ + {/* Individual Risky Features */} +
+

+ 🔍 Detailed Feature Risk Analysis +

+ {analyzeResult.risk_assessment.privacy_risks.pii_detected.map((pii: any, idx: number) => { + // Map PII types to risk explanations with GDPR Article references + const riskExplanations: Record = { + 'EMAIL_ADDRESS': { + why: 'Email addresses are direct identifiers that can be used to contact and track individuals across systems, creating privacy risks.', + impact: 'HIGH RISK: Can lead to identity theft, phishing attacks, unauthorized marketing, and privacy violations under GDPR Article 6.', + gdprArticles: [ + 'Article 4(1) - Definition of Personal Data: Email is personally identifiable information', + 'Article 6 - Lawful Basis Required: Processing requires consent, contract, or legitimate interest', + 'Article 7 - Consent Conditions: Must obtain explicit, informed consent', + 'Article 17 - Right to Erasure: Users can request email deletion', + 'Article 21 - Right to Object: Users can opt out of email processing' + ], + actions: ['Encrypt email addresses', 'Hash or pseudonymize for analytics', 'Implement consent management', 'Enable right to erasure', 'Provide opt-out mechanisms'] + }, + 'EMAIL': { + why: 'Email addresses are direct identifiers that can be used to contact and track individuals across systems.', + impact: 'HIGH RISK: Can lead to identity theft, phishing attacks, unauthorized marketing, and privacy violations.', + gdprArticles: [ + 'Article 4(1) - Personal Data Definition', + 'Article 6 - Lawful Basis for Processing', + 'Article 7 - Conditions for Consent', + 'Article 17 - Right to Erasure' + ], + actions: ['Encrypt email addresses', 'Implement consent management', 'Enable deletion on request', 'Apply data minimization'] + }, + 'PHONE_NUMBER': { + why: 'Phone numbers directly identify individuals and enable real-time contact, creating opportunities for harassment and fraud.', + impact: 'HIGH RISK: Enables unwanted contact, harassment, SIM swapping attacks, location tracking, and telemarketing violations.', + gdprArticles: [ + 'Article 4(1) - 
Personal Data: Phone numbers identify natural persons', + 'Article 6 - Lawfulness of Processing: Requires lawful basis', + 'Article 32 - Security of Processing: Must implement appropriate security measures', + 'Article 21 - Right to Object to Processing', + 'ePrivacy Directive - Consent required for electronic communications' + ], + actions: ['Remove if not essential', 'Apply tokenization', 'Restrict access controls', 'Implement call verification', 'Enable number suppression'] + }, + 'PHONE': { + why: 'Phone numbers are direct personal identifiers enabling contact and tracking.', + impact: 'HIGH RISK: Harassment, fraud, and unauthorized marketing.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 6 - Lawful Processing', + 'Article 32 - Security Measures' + ], + actions: ['Tokenize phone numbers', 'Implement access controls', 'Enable opt-out'] + }, + 'PERSON': { + why: 'Personal names are primary identifiers. Combined with other quasi-identifiers (age, location), they enable complete re-identification.', + impact: 'MEDIUM-HIGH RISK: When combined with location, age, or other quasi-identifiers, creates high re-identification risk violating k-anonymity.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Names identify natural persons', + 'Article 5(1)(c) - Data Minimization: Collect only necessary data', + 'Article 5(1)(e) - Storage Limitation: Keep only as long as necessary', + 'Article 25 - Data Protection by Design and Default', + 'Article 32(1)(a) - Pseudonymization and encryption requirements' + ], + actions: ['Use pseudonyms or IDs', 'Apply k-anonymity techniques (k≥5)', 'Separate name from sensitive attributes', 'Implement access logging', 'Apply l-diversity for protection'] + }, + 'NAME': { + why: 'Names are direct personal identifiers that enable individual identification.', + impact: 'MEDIUM-HIGH RISK: Re-identification when combined with other data.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 5(1)(c) - Data 
Minimization', + 'Article 25 - Data Protection by Design' + ], + actions: ['Use pseudonyms', 'Apply k-anonymity', 'Implement access logging'] + }, + 'LOCATION': { + why: 'Location data reveals where individuals live, work, and travel, exposing personal patterns, habits, and sensitive locations (hospitals, religious sites).', + impact: 'HIGH RISK: Can expose home addresses, workplaces, medical facilities, places of worship, creating discrimination and stalking risks.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Location identifies individuals', + 'Article 9(1) - Special Categories: Location at sensitive sites reveals protected characteristics', + 'Article 32 - Security Measures: Encryption and access controls required', + 'Article 35 - Data Protection Impact Assessment: Required for location tracking', + 'Recital 30 - Online identifiers and location data' + ], + actions: ['Generalize to zip code or city level', 'Apply geographic masking', 'Remove precise coordinates', 'Implement geofencing', 'Conduct DPIA', 'Apply differential privacy'] + }, + 'ADDRESS': { + why: 'Physical addresses directly identify individuals and their home locations.', + impact: 'HIGH RISK: Enables stalking, burglary, and privacy violations.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 9 - Special Categories (if sensitive location)', + 'Article 32 - Security Measures' + ], + actions: ['Generalize to zip code', 'Apply geographic masking', 'Restrict access'] + }, + 'SSN': { + why: 'Social Security Numbers are PERMANENT unique identifiers used across critical systems (banking, taxes, healthcare, employment).', + impact: 'CRITICAL RISK: Enables complete identity theft, fraudulent credit, tax fraud, medical identity theft, and unauthorized government benefits access.', + gdprArticles: [ + 'Article 9(1) - Special Category Data: Often linked to health/financial data', + 'Article 32 - Security of Processing: Encryption, access controls, pseudonymization mandatory', + 'Article 
33 - Breach Notification: Immediate notification required', + 'Article 34 - Data Subject Notification: Notify individuals of breaches', + 'Article 35 - Data Protection Impact Assessment: DPIA required', + 'Recital 75 - High risk to rights and freedoms' + ], + actions: ['REMOVE IMMEDIATELY if possible', 'Encrypt with AES-256', 'Never display in full', 'Implement strict access controls', 'Conduct DPIA', 'Enable breach detection', 'Maintain audit logs'] + }, + 'US_SSN': { + why: 'US Social Security Numbers are permanent government identifiers linked to financial, medical, employment, and government benefits.', + impact: 'CRITICAL RISK: Highest identity theft risk. Compromise leads to decades of fraud, financial damage, and cannot be changed.', + gdprArticles: [ + 'Article 9(1) - Special Category: Links to health and financial data', + 'Article 32 - Security Measures: State-of-the-art encryption required', + 'Article 33 - Breach Notification: 72-hour notification to supervisory authority', + 'Article 34 - Communication to Data Subjects: Immediate notification', + 'Article 35 - DPIA: Mandatory impact assessment' + ], + actions: ['Encrypt end-to-end with AES-256', 'Use last 4 digits only for display', 'Implement multi-factor authentication', 'Enable breach detection', 'Create comprehensive audit trails', 'Apply tokenization', 'Conduct annual security audits'] + }, + 'CREDIT_CARD': { + why: 'Credit card numbers provide direct access to financial accounts and purchasing power, subject to PCI-DSS and GDPR.', + impact: 'CRITICAL RISK: Financial fraud, unauthorized transactions, PCI-DSS violations (fines up to $500K/month), GDPR violations (4% global revenue).', + gdprArticles: [ + 'Article 4(1) - Personal Data: Financial identifiers', + 'Article 32 - Security of Processing: PCI-DSS Level 1 compliance mandatory', + 'Article 33 - Breach Notification: Immediate reporting required', + 'Article 34 - Data Subject Notification', + 'PCI-DSS Standards: Cannot store CVV, must 
tokenize' + ], + actions: ['Tokenize immediately', 'Never store CVV/CVC', 'Use PCI-compliant vault', 'Implement fraud detection', 'Apply end-to-end encryption', 'Use 3D Secure', 'Maintain PCI-DSS certification', 'Conduct quarterly security scans'] + }, + 'CARD': { + why: 'Card numbers enable direct financial access.', + impact: 'CRITICAL RISK: Financial fraud and PCI-DSS violations.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 32 - Security Measures', + 'PCI-DSS Compliance' + ], + actions: ['Tokenize immediately', 'Use PCI-compliant vault', 'Never store CVV'] + }, + 'IP_ADDRESS': { + why: 'IP addresses are online identifiers that track user behavior, reveal location, and enable device fingerprinting across websites.', + impact: 'MEDIUM RISK: Enables tracking across websites, reveals approximate location, can be linked to individuals, violates ePrivacy Directive.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Online identifier', + 'Article 6 - Lawful Basis: Requires consent or legitimate interest', + 'ePrivacy Directive - Consent for cookies and tracking', + 'Recital 30 - Online identifiers and IP addresses', + 'Article 21 - Right to Object to profiling' + ], + actions: ['Truncate last octet for IPv4', 'Hash for analytics', 'Implement IP anonymization', 'Reduce retention period to 90 days', 'Provide opt-out for tracking', 'Apply differential privacy'] + }, + 'IP': { + why: 'IP addresses are online identifiers enabling tracking.', + impact: 'MEDIUM RISK: Cross-site tracking and location revelation.', + gdprArticles: [ + 'Article 4(1) - Online Identifier', + 'Article 6 - Lawful Basis', + 'ePrivacy Directive' + ], + actions: ['Truncate IP addresses', 'Hash for analytics', 'Reduce retention'] + }, + 'MEDICAL_LICENSE': { + why: 'Medical information is SPECIAL CATEGORY DATA under GDPR Article 9, requiring the highest level of protection due to discrimination risks.', + impact: 'CRITICAL RISK: Health data breach leads to discrimination, insurance 
denial, employment issues, severe privacy violations, and HIPAA fines.', + gdprArticles: [ + 'Article 9(1) - Special Category (Health Data): Explicit consent required', + 'Article 9(2)(h) - Health/social care exception', + 'Article 32 - Security of Processing: Encryption mandatory', + 'Article 35 - DPIA: Impact assessment required', + 'Article 25 - Data Protection by Design', + 'HIPAA Compliance (if applicable)' + ], + actions: ['Encrypt with healthcare-grade security (AES-256)', 'Implement role-based access control (RBAC)', 'Conduct Data Protection Impact Assessment', 'Apply strict retention policies', 'Ensure HIPAA compliance', 'Use de-identification techniques', 'Maintain comprehensive audit logs'] + }, + 'MEDICAL': { + why: 'Medical data is special category data requiring explicit consent.', + impact: 'CRITICAL RISK: Discrimination and severe privacy violations.', + gdprArticles: [ + 'Article 9(1) - Special Category (Health)', + 'Article 32 - Security', + 'Article 35 - DPIA Required' + ], + actions: ['Encrypt data', 'Implement RBAC', 'Conduct DPIA'] + }, + 'US_DRIVER_LICENSE': { + why: 'Driver license numbers are government-issued identifiers used for identity verification across financial, healthcare, and government systems.', + impact: 'HIGH RISK: Identity fraud, fake ID creation, unauthorized access to services, and DMV record access.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Government identifier', + 'Article 6 - Lawful Processing: Document lawful basis', + 'Article 32 - Security Measures: Encryption and access controls', + 'Article 15 - Right of Access: Individuals can request data', + 'Article 17 - Right to Erasure: Deletion on request' + ], + actions: ['Hash or encrypt license numbers', 'Limit to identity verification only', 'Never display in full', 'Implement verification logging', 'Apply pseudonymization', 'Enable deletion mechanisms'] + }, + 'LICENSE': { + why: 'License numbers are government identifiers.', + impact: 'HIGH RISK: Identity 
fraud and unauthorized access.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 6 - Lawful Processing', + 'Article 32 - Security' + ], + actions: ['Hash license numbers', 'Limit to verification', 'Never display in full'] + }, + 'US_PASSPORT': { + why: 'Passport numbers are international identity documents used for travel and high-security identification, recognized globally.', + impact: 'CRITICAL RISK: International identity fraud, unauthorized travel booking, visa fraud, and access to secure facilities.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Unique government identifier', + 'Article 32 - Security Measures: State-of-the-art encryption required', + 'Article 35 - Impact Assessment: DPIA for high-risk processing', + 'Article 5(1)(f) - Integrity and Confidentiality', + 'Cross-border data transfer regulations' + ], + actions: ['Encrypt with strong encryption (AES-256)', 'Restrict access to authorized personnel only', 'Implement tamper detection', 'Apply geographic access controls', 'Maintain detailed audit trails', 'Use tokenization', 'Implement MFA for access'] + }, + 'PASSPORT': { + why: 'Passport numbers enable international identification.', + impact: 'CRITICAL RISK: International fraud and unauthorized travel.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 32 - Security Measures', + 'Article 35 - Impact Assessment' + ], + actions: ['Encrypt passports', 'Restrict access', 'Implement tamper detection'] + }, + 'US_BANK_NUMBER': { + why: 'Bank account numbers provide DIRECT ACCESS to financial accounts and enable ACH transfers, wire transfers, and direct debits.', + impact: 'CRITICAL RISK: Unauthorized withdrawals, ACH fraud, wire transfer fraud, complete account takeover, and financial ruin.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Financial identifier', + 'Article 32 - Security Measures: Encryption and tokenization mandatory', + 'Article 33 - Breach Notification: 72-hour notification', + 'Article 34 - Data 
Subject Notification: Immediate alert to account holders', + 'PSD2 - Strong Customer Authentication required' + ], + actions: ['Tokenize immediately', 'Never display account numbers', 'Use secure payment gateways', 'Implement transaction monitoring', 'Apply multi-factor authentication', 'Use Strong Customer Authentication (SCA)', 'Enable fraud alerts', 'Encrypt at rest and in transit'] + }, + 'BANK_ACCOUNT': { + why: 'Bank account numbers enable direct financial access.', + impact: 'CRITICAL RISK: Financial fraud and account takeover.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 32 - Security Measures', + 'Article 33 - Breach Notification' + ], + actions: ['Tokenize accounts', 'Never display numbers', 'Implement MFA'] + }, + 'DOB': { + why: 'Date of birth is a quasi-identifier that combined with other data enables re-identification and age-based discrimination.', + impact: 'MEDIUM-HIGH RISK: Combined with name and zip code, enables 87% re-identification rate. Age discrimination risk.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Quasi-identifier', + 'Article 5(1)(c) - Data Minimization: Use age ranges instead', + 'Article 9 - Special Categories: Can reveal protected characteristics', + 'Article 22 - Automated Decision-Making: Age-based profiling restrictions', + 'Recital 26 - Pseudonymization reduces risks' + ], + actions: ['Use age ranges instead of exact DOB', 'Apply k-anonymity (k≥5)', 'Generalize to year or month', 'Separate from other identifiers', 'Implement access controls', 'Apply l-diversity'] + }, + 'ZIP_CODE': { + why: 'ZIP codes are geographic quasi-identifiers. Research shows 87% of US population uniquely identified by ZIP + DOB + Gender.', + impact: 'MEDIUM RISK: When combined with DOB and gender, enables 87% re-identification. 
Reveals socioeconomic status and demographics.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Quasi-identifier', + 'Article 5(1)(c) - Data Minimization', + 'Article 32(1)(a) - Pseudonymization', + 'Recital 26 - Anonymization techniques', + 'Article 25 - Data Protection by Default' + ], + actions: ['Generalize to first 3 digits', 'Use geographic aggregation', 'Apply k-anonymity', 'Combine with other anonymization techniques', 'Separate from name and DOB'] + }, + 'IBAN_CODE': { + why: 'IBAN (International Bank Account Number) provides access to bank accounts across European Economic Area.', + impact: 'CRITICAL RISK: International financial fraud, SEPA direct debit fraud, and cross-border money theft.', + gdprArticles: [ + 'Article 4(1) - Personal Data', + 'Article 32 - Security of Processing', + 'Article 33 - Breach Notification', + 'PSD2 - Strong Customer Authentication' + ], + actions: ['Tokenize IBAN', 'Implement SCA', 'Use secure payment processors', 'Enable fraud monitoring', 'Apply encryption'] + }, + 'CRYPTO': { + why: 'Cryptocurrency addresses and wallets are permanent financial identifiers that cannot be changed if compromised.', + impact: 'CRITICAL RISK: Irreversible financial theft, no fraud protection, transaction history exposure, wallet draining.', + gdprArticles: [ + 'Article 4(1) - Personal Data: Cryptocurrency addresses can identify individuals', + 'Article 5(1)(f) - Security Principle', + 'Article 32 - Security Measures: Multi-signature and cold storage', + 'Article 17 - Right to Erasure: Blockchain immutability challenges' + ], + actions: ['Use multi-signature wallets', 'Implement cold storage', 'Never display private keys', 'Use hardware security modules', 'Apply address rotation', 'Implement withdrawal limits'] + } + }; + + // Fallback for unmapped PII types + const riskInfo = riskExplanations[pii.type] || riskExplanations[pii.type.toUpperCase()] || { + why: 'This data type contains personal information that could identify individuals or 
reveal sensitive patterns according to GDPR Article 4(1).', + impact: 'POTENTIAL RISK: May violate privacy regulations if not properly protected. Could enable tracking, profiling, or discrimination.', + gdprArticles: [ + 'Article 4(1) - Definition of Personal Data', + 'Article 5 - Principles: Lawfulness, Fairness, Transparency', + 'Article 6 - Lawful Basis Required for Processing', + 'Article 24 - Responsibility of the Controller', + 'Article 25 - Data Protection by Design and Default' + ], + actions: ['Review necessity of this data field', 'Apply appropriate anonymization techniques', 'Implement access controls and audit logging', 'Document lawful basis for processing', 'Conduct Privacy Impact Assessment'] + }; + + return ( +
+
+ +
+ {/* Feature Header */} +
+
+
+ + {pii.severity === 'CRITICAL' ? '🔴' : + pii.severity === 'HIGH' ? '🟠' : + pii.severity === 'MEDIUM' ? '🟡' : '🔵'} + +
+
+ {pii.column} +
+
+ PII Type: {pii.type.replace(/_/g, ' ')} + {pii.occurrences && ( + <> + + Found in: {pii.occurrences} rows + + )} + {pii.confidence && ( + <> + + Confidence: {(pii.confidence * 100).toFixed(0)}% + + )} +
+
+
+
+ + {pii.severity} RISK + +
+ + {/* Why is this risky? */} +
+
+ +
+
WHY IS THIS FEATURE RISKY?
+

{riskInfo.why}

+
+
+
+ + {/* Impact */} +
+
+ ⚠️ +
+
POTENTIAL IMPACT IF EXPOSED
+

{riskInfo.impact}

+
+
+
+ + {/* GDPR Articles Violated */} +
+
+ ⚖️ +
+
GDPR ARTICLES VIOLATED / APPLICABLE
+
+ {riskInfo.gdprArticles.map((article, i) => ( +
+ + {article} +
+ ))} +
+
+
+
+ + {/* Recommended Actions */} +
+
+ +
+
RECOMMENDED ACTIONS TO REDUCE RISK
+
    + {riskInfo.actions.map((action, i) => ( +
  • + {i + 1}. + {action} +
  • + ))} +
+
+
+
+
+
+ ); + })} +
+
+ ) : ( +
+ +
+
No PII Detected
+
Dataset appears to be free of personally identifiable information
+
+
+ )} +
+ )} {/* Violations Section with Enhanced Design */} {analyzeResult.risk_assessment.violations && analyzeResult.risk_assessment.violations.length > 0 && (
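Review bot: `{pii.occurrences && (` and `{pii.confidence && (` render a literal `0` instead of nothing when the value is `0`, because React prints falsy numbers; use `pii.occurrences != null && (` and `pii.confidence != null && (`. The lookup `riskExplanations[pii.type] || riskExplanations[pii.type.toUpperCase()]` throws when `type` is absent (as does `pii.type.replace(/_/g, ' ')` in the feature header) and, being a plain-object lookup, resolves a type string such as `constructor` to an `Object.prototype` member rather than the fallback entry; guard with `const typeKey = typeof pii.type === 'string' ? pii.type : 'UNKNOWN';` and check `Object.hasOwn(riskExplanations, typeKey)` before indexing. The several-hundred-line `riskExplanations` table is also rebuilt inside the `map` callback on every render; it is static content and belongs in a module-level constant. `CenterPanel` starts before the hunk.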
@@ -1074,54 +1572,242 @@ export function CenterPanel({ tab, onAnalyze }: CenterPanelProps) {
)} - {/* Compliance Status */} + {/* Compliance Status - Enhanced with GDPR Article Details */} {analyzeResult.risk_assessment.compliance_risks && ( -
-
+
+
📋 -

Compliance Status

+

Regulatory Compliance Status

-
+
{Object.entries(analyzeResult.risk_assessment.compliance_risks) .filter(([key]) => ['gdpr', 'ccpa', 'hipaa', 'ecoa'].includes(key)) .map(([regulation, data]: [string, any]) => { if (!data || typeof data !== 'object') return null; + const regulationInfo: Record = { + gdpr: { + name: 'GDPR (General Data Protection Regulation)', + description: 'EU regulation protecting personal data and privacy', + keyArticles: [ + 'Article 5 - Principles (lawfulness, fairness, transparency, purpose limitation, data minimization)', + 'Article 6 - Lawful basis for processing', + 'Article 7 - Conditions for consent', + 'Article 9 - Processing special categories of personal data', + 'Article 15-22 - Data subject rights (access, rectification, erasure, portability)', + 'Article 25 - Data protection by design and by default', + 'Article 32 - Security of processing', + 'Article 35 - Data protection impact assessment' + ] + }, + ccpa: { + name: 'CCPA (California Consumer Privacy Act)', + description: 'California law providing privacy rights to consumers', + keyArticles: [ + 'Right to Know what personal information is collected', + 'Right to Delete personal information', + 'Right to Opt-Out of sale of personal information', + 'Right to Non-Discrimination for exercising CCPA rights', + 'Notice at Collection requirements' + ] + }, + hipaa: { + name: 'HIPAA (Health Insurance Portability and Accountability Act)', + description: 'US regulation protecting health information', + keyArticles: [ + 'Privacy Rule - Protected Health Information (PHI) safeguards', + 'Security Rule - Administrative, physical, technical safeguards', + 'Breach Notification Rule - Incident reporting requirements', + 'Minimum Necessary Standard - Access limitation' + ] + }, + ecoa: { + name: 'ECOA (Equal Credit Opportunity Act)', + description: 'US law prohibiting discrimination in credit decisions', + keyArticles: [ + 'Prohibition of discrimination based on protected characteristics', + 'Adverse action notice requirements', + 
'Record retention requirements', + 'Monitoring and reporting obligations' + ] + } + }; + + const info = regulationInfo[regulation] || { name: regulation.toUpperCase(), description: '', keyArticles: [] }; + return ( -
-
- - {regulation} - - - {data.status} - + {/* Header */} +
+
+
+
+ {info.name} +
+ {info.description && ( +
{info.description}
+ )} +
+ + {data.status === 'NOT_APPLICABLE' ? 'N/A' : data.status} + +
+
+ + {/* Content */} +
+ {data.applicable === false ? ( +
+ This regulation does not appear to apply to your dataset based on detected data types. +
+ ) : ( +
+ {/* Score */} + {data.score !== undefined && ( +
+
Compliance Score:
+
+
0.7 ? 'bg-green-500' : + data.score > 0.4 ? 'bg-yellow-500' : + 'bg-red-500' + }`} + style={{ width: `${data.score * 100}%` }} + >
+
+
+ {(data.score * 100).toFixed(0)}% +
+
+ )} + + {/* Compliant Checks */} + {data.compliant_checks && data.compliant_checks.length > 0 && ( +
+
✓ Compliant Areas:
+
+ {data.compliant_checks.map((check: string, idx: number) => ( + + {check.replace(/_/g, ' ')} + + ))} +
+
+ )} + + {/* Non-Compliant Checks */} + {data.non_compliant_checks && data.non_compliant_checks.length > 0 && ( +
+
⚠️ Non-Compliant Areas:
+
+ {data.non_compliant_checks.map((check: string, idx: number) => ( + + {check.replace(/_/g, ' ')} + + ))} +
+
+ )} + + {/* Key Articles/Requirements */} + {info.keyArticles.length > 0 && ( +
+ + 📖 View Key Requirements & Articles + +
+ {info.keyArticles.map((article, idx) => ( +
+ + {article} +
+ ))} +
+
+ )} + + {/* Bias Score for ECOA */} + {regulation === 'ecoa' && data.bias_score !== undefined && ( +
+
Bias Score (Discrimination Risk):
+
+
+
+
+
+ {(data.bias_score * 100).toFixed(1)}% +
+
+
+ {data.bias_score < 0.3 ? 'Low discrimination risk' : + data.bias_score < 0.5 ? 'Moderate discrimination risk - monitor closely' : + 'High discrimination risk - immediate remediation required'} +
+
+ )} +
+ )}
- {data.score !== undefined && ( -
- Compliance Score: {(data.score * 100).toFixed(0)}% -
- )} - {data.applicable === false && ( -
- Not applicable to this dataset -
- )}
); })}
+ + {/* Compliance Recommendations */} + {analyzeResult.risk_assessment.compliance_risks.recommendations && + analyzeResult.risk_assessment.compliance_risks.recommendations.length > 0 && ( +
+
📌 Compliance Recommendations
+
+ {analyzeResult.risk_assessment.compliance_risks.recommendations.map((rec: any, idx: number) => ( +
+ + {rec.priority} + +
+
{rec.recommendation}
+ {rec.rationale && ( +
{rec.rationale}
+ )} +
+
+ ))} +
+
+ )}
)}