Where data is stored and how it is kept secure throughout the research process is critical. Funding agencies may require that you retain data for a given period and will likely ask you to explain in a data management plan how you will store and back it up, and how you will manage the security of and access to your data. If you will be working with large data sets (with larger storage and backup needs) you should contact your departmental IT staff, DoIT, or us for consultative assistance. You can refer to our chart about the various storage and backup options available to faculty, students, and staff at UW-Madison.

Tip: When writing your DMP, you’ll also want to consider who will be responsible for ensuring that files are stored and backed-up properly. Funding agencies are increasingly looking for details related to “roles and responsibilities.”

Storage is the act of keeping your data in a secure location that you can access readily. Files in storage should be the working copies of your files that you can access and change regularly.

Backup is the practice of keeping additional copies of your data in separate physical or cloud locations from your files in storage. Backup copies are copies you would access in the case of data loss and needing to access previous versions of your work.

Storage systems often provide mirroring, in which data is written simultaneously to two drives. This is not the same thing as backup since alterations in the primary files will be mirrored in the second copy.

A good rule to go by with storing and backing up copies of your work is LOCKSS (Lots Of Copies Keep Stuff Safe), and to keep each copy as physically far apart from the other copies as possible to prevent damage by natural disaster, such as a fire or flood occurring in the lab where the research is being performed. It’s a good idea to follow the rule of three when thinking about this: you should keep three copies of your data, two backup copies should be kept on different devices or storage media, and one backup copy should be kept off-site. This might look like:

  • One copy in active storage. This is a copy you are regularly accessing and working on during your research. It will likely be on your computer or a lab’s shared network drive.
  • A second copy on a different device on- or off-site, such as an external hard drive in your office or a backup server provided by your IT department.
  • A third copy, preferably off-site. This might be on a cloud application like Box, Google Drive, or another appropriate cloud solution.

Creating a Backup Schedule

Depending on the hardware or cloud systems you use, there are a number of automatic backup options. Some cloud tools have a sync option that will automatically sync certain files and folders depending on the settings you provide. The IT contacts in your departments may also have automatic solutions for you. For more information on backing up your data and a list of recommended options, visit our Data Storage and Backup page.

Data security is a critical aspect of data storage, and details about how you will secure your data is always something that funders look for in DMPs. You can address this by stating if the security of your data is something that will be managed technologically or by locking it in an access-controlled, secure room.

If any of the following policies affect the management of your data, you will need to address them in a DMP, as they will affect how you can store and share your data.

  • HIPAA (Health Information Portability and Accountability Act)
    • HIPAA’s privacy rule set protections for the privacy of protected health information (PHI) and set limits on sharing it. For questions about abiding by HIPAA regulations, contact a campus privacy and security coordinator.
  • FISMA (Federal Information Security and Modernization Act of 2014)
    • FISMA works to ensure strong protection over federal information and information systems against cybersecurity threats. The Office of Cybersecurity should be contacted if you need assistance with or have questions about FISMA.
  • FERPA (Federal Educational Rights and Privacy Act)

Writing Prompts:

  • Who is responsible for managing machines and equipment?
  • Where will the data be stored and backed up?
  • What level of security does your research project require?

This content was adapted from Iowa State University Library’s Data Management Plan Guide.