The best answer is C. Data retention.
To avoid unnecessary liability after the end of a legal contract obligation with a third party, an organization should follow a proper data retention policy. Data retention policies define how long data must be kept and when it should be deleted or securely destroyed once it is no longer needed for legal, contractual, regulatory, or business purposes.
Keeping third-party data longer than necessary can increase:
legal exposure
privacy risk
breach impact
storage and governance burden
Why the other options are incorrect:
A. Data encryptionEncryption protects data confidentiality, but it does not address whether the data should still be retained at all.
B. Data classificationClassification helps determine sensitivity and handling requirements, but it does not define when data should be disposed of.
D. Data inventoryAn inventory helps identify what data exists, but it does not by itself reduce liability after contractual obligations end.
From the SY0-701 perspective, reducing liability after contractual or legal obligations end requires proper retention schedules and secure disposal, so C is the correct answer.
