To be compliant with GDPR and other digital privacy legislation, we need to be able to remove a learner's personally identifiable information (PII) at their request.
OEP-30 documents some of the required tooling/processes to build this into the edX platform. addressed the documentation component in `edx-proctoring`, adding annotations to identify models containing PII, but have been marked as `to-be-implemented` until our retirement tooling is in place.
This task is to create retirement APIs and build them into the retirement pipeline to remove PII stored in `edx-proctoring` at the learner's request.
See this tutorial for how to create methods to scrub fields and hook into the existing pipeline:
Note also: the PII Safelist identifies slightly different PII than was identified in the last ticket, they should be compared for accuracy: