The last phase in the data security lifecycle is:

The final phase in the data security lifecycle isdestruction. After data is no longer required for business, legal, or regulatory purposes, it must be securely destroyed to prevent unauthorized recovery or misuse.

Encryption, backup, and archival are all earlier phases focused on protecting data during use, storage, and retention. Destruction ensures data is permanently removed through secure wiping, degaussing, or physical destruction of media.

Improper data disposal can lead to data breaches through remanence. NIST SP 800-88 provides detailed guidance on secure media sanitization and destruction methods. Secure destruction is especially critical for sensitive and regulated data such as PII, PHI, and financial records.