Even the most thoughtful and meticulous approach to securing and backing up data cannot prevent data loss 100% of the time. Therefore, the emphasis of this guide is on methods of risk reduction, rather than complete risk removal. Individuals whose research involves sensitive data - especially those that are protected by laws such as FERPA or HIPAA - will likely need to take additional precautions to make sure that appropriate levels of data privacy and security are maintained.

Potential risks to data are varied and include:

• Disasters (e.g., fires, floods)
• Human error (e.g., accidental deletion, lost storage device)
• Hardware failure
• Cyber attack
• Data corruption
• Data unavailability (e.g., network outage, power failure)
• Deletion/loss during off-boarding of project members

The remainder of this guide focuses on providing information and actionable steps to improve your approach to data storage and security, with the goal of reducing your overall risk of losing valuable research data and other files.

Types of Storage Media

Storage devices come in a variety of different formats, each of which carry their own unique risks. For example, magnetic storage (such as hard disk drives) is vulnerable to magnetic field exposure, while flash storage (e.g., solid-state drives) can weaken over time and fail to hold a charge.

Cloud Storage

Although storing data "on the cloud" in platforms such as Dropbox, Google Drive, and OneDrive can feel robust and low-risk, it is important to remember that cloud platforms are not immune to security breaches or other forms of data loss. It may be helpful to conceptualize cloud storage as similar to storing data on someone else's computer. In that kind of scenario, you would probably want alternative locations to save your data in case something happened to the other person's computer or your ability to access it.

Choosing Appropriate Storage Devices

Factors such as cost, storage volume, and device availability will influence the types of storage devices used to store data. Additionally, data may be subject to additional limitations on storage device use based on

• Involvement of human research participants (e.g., FERPA and HIPAA regulations)
• Collection of sensitive data for endangered or otherwise vulnerable species
• National security concerns
• Trade secrets or other proprietary data

OSU has a number of resources and services that can support your use of storage devices:

Although data security is certainly more urgent for projects that collect data with specific privacy, confidentiality, or other access concerns, all research projects benefit from a certain level of controlled access.

Non-Digital Data

These data include handwritten or other printed/paper documents as well as physical research products (e.g., biological or environmental samples, artwork, fossils, prototypes). Two primary approaches to securing and protecting non-digital data are:

• Lock-and-key protections
  • Provide physical barriers (e.g., locked cabinets or doors) to accessing materials and spaces
  • Keys, passcodes, and keycard access limit access to approved personnel
• Digital back-ups (if possible)
  • Scan or take good quality photos of physical data sheets and other paper documents

Digital Data

These data are already stored in digital space, so considerations for their security and protection include:

• Encrypted storage
• Password-protected devices and/or accounts
• Selection of appropriate storage media and/or platforms (especially for sensitive data)
• Deletion of potentially compromising file metadata before sharing data
  • For example, certain image file types may contain GPS coordinates, which could potentially expose the geographic location where the image was taken. This could potentially compromise protections of a vulnerable species or population
• Refraining from importing data directly into AI tools
  • It is your job to understand whether and where your data will be stored, shared, or accessible to others via that AI tool
  • Aside from privacy and confidentiality concerns for sensitive data, this could count as disclosure and affect your ability to obtain a patent

Data Back-Up Guidelines

3-2-1 Rule

This approach to data back-ups recommends:

• 3 copies of files (1 primary version plus 2 back-ups)
• Use of 2 different storage media (ideally different types)
• With 1 copy stored offsite and/or offline

Here-Near-Far Rule

This approach to data back-ups recommends you maintain 1 copy of your data in each of the following locations:

• Here - this primary version is a local copy on your laptop or desktop computer
• Near - this copy is external and local, such as on an external hard drive or network drive
• Far - this copy if external and remote, such as on a cloud storage platform

Considerations for Back-Ups

The decisions you make around the frequency and breadth of your data back-ups will depend on your answers to a variety of questions. The list below outlines primary questions, as well as some secondary considerations to help guide your decisions.

• What storage devices are you using to back data up on?
  • Which files do you need to back up?
  • How much data are you backing up?
  • Do you have funding to pay for additional devices and/or storage space?
    • Different storage devices and platforms have different amounts of storage they can provide
• How frequently are you doing back-ups?
  • How much data are you willing to lose if something happens to your primary storage device?

Manual VS Automated Back-Ups

There are advantages and disadvantages to both manual and automatic back-ups, but the solution that works best for you will depend on a variety of factors, including the frequency and breadth of your back-ups. Manual back-ups are reliant upon you (the human) to remember to do those back-ups, although you can make this process easier and more consistent through calendar reminders, reusable script, and other similar approaches. Automatic back-ups remove your responsibility of remembering to do them; however, because this approach lacks a consistent human touch, you risk backing up unnecessary files and even ransomware. 

Much of the content for this LibGuide was adapted from and inspired by a workshop presented at the 2025 Research Data Access and Preservation Association (RDAP) Summit, which is distributed under a CC BY-NC-SA 4.0 license.

You can also access presentation materials from a data security and back-up session provided as part of OSU's Spring 2025 Promoting Research Excellence series: