Jump to Content
DMPTool logo

Try the DMPTool to create a data management plan.


Data Security is the protection of data from unauthorized access, use, change, disclosure and destruction. Make sure your data is safe in regards to:

  • Network security
    • Keep confidential data off the Internet
    • Put sensitive materials on computers not connected to the internet
  • Physical Security
    • Restrict access to buildings and rooms where computers or media are kept
    • Only let trusted individuals troubleshoot computer problems
  • Computer Systems & Files
    • Keep virus protection up to date
    • Don't sent confidential data via e-mail or FTP (use encryption, if you must)
    • Use passwords on files and computers


Things to consider when deciding on where and how to store your data:

  • Use file formats that will be useable in the long-term, not dependent on software version
  • CD & DVDs' media life are not reliable in the long-term, copy or migrate data to new media between 2 - 5 years after creation
  • Appropriate enviornmental conditions will increase the life-span of media
  • Consider security concerns listed above
  • Make backups of your data

Backups and Security

Making regular backups is an integral part of data management. Your personal computer, external hard drives, departmental or university servers are examples of places where you can make backup copies of your data. Software that makes backups for you automatically can simplify this process considerably. CDs or DVDs are not recommended because they fail so frequently. The UK Data Archive provides additional guidelines on data storage, backup and security.

Backup Your Data

  • Good practice is to have 3 copies (e.g. original + external/local backup + external/remote backup)
  • Geographically distribute your local and remote copies to reduce risk of calamity at the same location (power outage, flood, fire, etc.)

Data Backup Options

  • Hard drive (examples: via Windows 7 backup and restore, Mac Time Machine, Linux/UNIX rsync)
  • Tape backup system
  • Many UC campuses provide a service similar to UCBackup at UC Berkeley. Check with your campus IT support to see if backup service is available.
  • Cloud Storage - some examples of private sector storage resources include:

Secure Your Data

  • Unencrypted is ideal for storing your data because it will make it most easily readable by you and others in the future. But if you do need to encrypt your data because of its sensitivity:
    • Keep passwords and keys on paper (2 copies), with mainstream encryption tools (e.g., PGP)
    • Don't rely on 3rd party encryption alone
  • Uncompressed makes your data easier to read without special tools in the future, but if you need to compress files to conserve disk space, try to limit compression to the 3rd backup copy and use a mainstream compression tool (e.g., ZIP, GZIP, TAR).

Test your backup system

In order to make sure that your backup system is working properly, periodically try to retrieve your data files and make sure that you can read them. You should do this upon initial setup of the system and on a regular schedule thereafter.

Other questions to ask

Who is responsible for managing and controlling the data?

Who controls the data (e.g., the PI, a student, your lab, your university, your funder)? Before you spend a lot of time figuring out how to store the data, to share it, to name it, etc. you need to know if you have the authority to do so.

For what or whom are the data intended?

Who is your intended audience for the data? How do you expect they will use the data? The answer to these questions will help inform structuring and distributing the data.

How long should the data be retained?

Is there any requirement that the data be retained? If so, for how long? 3-5 years, 10-20 years, permanently? Not all data need to be retained, and some data required to be retained need not be retained indefinitely. Have a good understanding of your obligation for the data's retention.

Credit to the University of Virginia's Scientific Data Consulting Group and the MIT Libraries for permission to use and adapt their data management planning pages, and to members of the UC3 community. Please send us any comments about these guidelines.

Commons License

Last updated: April 30, 2013
Document owner: Perry Willett