Security and privacy

That is a good question to ask, and I will be interested to see what someone who really knows about this (like Andrew Nicols) will say.

However, the answer you give to your own question seems reasonable to me.

Hi Jean-Michel,

Thanks for being on top of this already.

I'll answer each of your queries re the erasure functionality below.

don't really erase questions created but just anonymise the userid of the question creator (well in fact this is not my decision but this is how the question component privacy code works, so just declaring that my module use the core question component does that).

That's the correct approach as per our understanding. It's a little different in this case because the user creating the question is a student, but I would still suggest that this is the most appropriate solution.

erase manual grades received by a student for the questions they created

I disagree with this approach. Although the grades are written by one user, they are about, describe, and essentially belong to that other user. Since they are grades they also form the grade of that other user and are a part of that individuals record. It's also worth bearing in mind that the grades are all handled centrally by the core_grade component and should not be modified by plugins in this manner.

A deletion request of one individual should not impact upon the grading of another.\

if the user submitting the request to erase data has graded any question, I anonymise the grader id and suppress the comment in the grade record.

Again, I would say that this is not 100% correct. Similar to the manual grade, the comment should be preserved, but I think that anonymising the grader id would be acceptable.

I would suggest taking a look at mod_assign as this has similar functionality to your plugin.

Hope that this helps,

Andrew