Data Storage & Backup Guidelines
This document outlines recommended practices for securely storing and backing up university‑related data. Whether the material involves a doctoral thesis, ongoing research, or essential administrative records, data loss can occur due to hardware issues, accidental deletion, or cybersecurity threats such as ransomware.
Following these guidelines will help ensure that important information remains protected and can be recovered if something unexpected happens.
The 3-2-1 strategy
The industry standard for data protection is the 3-2-1 backup rule. This strategy eliminates single points of failure.
3 Copies of data
Keep your original file plus two backups.
2 Different media types
Store files on two different forms of media (e.g., your computer’s hard drive and the cloud).
1 Copy offsite
Keep one copy in a separate physical location (cloud storage counts as off-site).
Guidelines for Faculty & Staff
As university employees, you often handle sensitive institutional data. Understanding and following data protection and data classification standards is essential to ensure compliance with FERPA, HIPPA and university policies, like the Data Governance Policy.
When storing data, you should think of protecting it from unauthorized access and breaches. This can be achieved by knowing the sensitivity of the data, the classification of your data, and who needs to have access to this data.
Always use university data storage solutions. The data protection guide goes over where you can store the data based on its classification level, whether your data resides locally on a managed workstation or on a GW offered cloud solution.
Use managed storage services
In addition to saving files locally on your device, always maintain a backup on GW-provided enterprise storage and cloud services.
Storage Tool | Best Used For... | Regulated data | Restricted Data | Backup Frequency |
|---|---|---|---|---|
| GW Box | Official Collaboration. Administrative records, sensitive research data, and file sharing. | ✅ YES | ✅ YES | Enterprise (Cloud) |
| GW Documents (Documentum) | Official Records Management. Documents and records kept in perpetuity with direct Banner and EAS integration. | ✅ YES | ✅ YES | Enterprise (Cloud) |
| Google Drive | Real-time Collaboration. Drafting, group projects, and shared docs. | ❌ NO | ✅ YES | Enterprise (Cloud) |
| Microsoft OneDrive | Individual Work. Personal drafts, "Work in Progress" files, and Microsoft Office integration before sharing. | ❌ NO | ✅ YES | Enterprise (Cloud) |
| Research NAS | Research Data. Large raw datasets, instrument data outputs, and high-performance computing needs. | ⚠️ *Follow data classification & data management plans
| ✅ YES, contact Research Technology Services for consultations (rtshelp gwu [dot] edu) | Data Replication Only (No snapshot/tape backup) |
| Computers & Laptops | Temporary Storage. Active work and temporary local processing. | ⚠️**Temporary processing only. | ⚠️**Temporary processing only. | ⚠️ Individually managed. Save copies in cloud storage. |
| USB & Removable Media | Temporary Storage. Physical transport only. | ❌ NO | ❌ NO | ❌ None |
Note: Avoid storing the only copy of important data on your computer, or on a USB drive, as these can be lost, stolen, or damaged. To reduce this risk, save important or final files to a cloud service such as Box which provides backup and version history. *Check Agreements: Usage is contingent upon individual data classifications. Review your Data Management Plan or Usage Agreements to ensure this platform is an approved environment for your specific dataset. For additional support regarding data classification, compliance requirements, or the access and disposal of sensitive information, please contact: Data Governance Team: dgc **Temporary processing only: Regulated and Restricted data may be accessed for active work on secure GW-managed devices, but the data may not be downloaded, stored or synchronized to a personally owned device. | ||||
Protect sensitive data
- Cloud Storage
- DO use BitLocker (Windows) or FileVault (macOS) to encrypt external hard drives if you must transport sensitive data physically.
- DON’T back up files containing Social Security numbers, health records, or student financial data to personal cloud services (e.g., personal Gmail, Dropbox, or iCloud accounts).
- Physical & External Media
- DO use BitLocker (Windows) or FileVault (macOS) to encrypt external hard drives if you must transport sensitive data physically.
- DON’T store regulated or restricted data on unmanaged or unencrypted local devices, such as personal computers or non-encrypted USB thumb drives.
External storage is sometimes necessary for transporting large datasets. If your workflow requires this, ensure the device is encrypted (using BitLocker or FileVault) and that the data is moved to secure enterprise storage (Box, OneDrive, etc.) as soon as transport is complete.
- Physical Records (Paper & Hardware)
- DO keep physical media and paper records in a secure, locked location (e.g., a locked filing cabinet or office) at all times.
- DON’T allow access to physical data for anyone except authorized users with a documented, legitimate business need.
Guidelines for students
Your academic work is your intellectual property. While the university provides some tools, you are primarily responsible for backing up your personal devices and assignments.
Automate your backups
Don't rely on remembering to back up. Set it and forget it.
- Cloud sync: Use services like OneDrive (provided by your student email), Google Drive, or iCloud. These sync your files in real-time. If your computer crashes, you can log in from a library computer and keep working.
- External drives: For large files (like video projects or art portfolios), use an external hard drive: Configure Windows Backup or Apple’s Time Machine to run automatically whenever the drive is plugged in.
Verify your files
Just because a backup runs doesn't mean it worked. Once a month, check your backup folder to ensure your most recent files and projects are actually there.
Best practices for everyone
1. Organize your folders
It is easier to back up data when you know where it is. Keep all your working files in specific folders (e.g., "Documents," "Research 2025") rather than scattering them on your desktop.
2. Test your recovery
A backup is only useful if you can restore it. Occasionally, try to open a file from your backup location to ensure the data isn't corrupted.
3. Be wary of ransomware
Ransomware can infect attached backup drives.
- Disconnect external drives when you aren't actively backing up.
- Use versioning: Cloud services like OneDrive keep "versions" of files. If a file gets infected, you can roll it back to a version from yesterday.
4. Mobile device backups
Enable automatic cloud backups for your phone or tablet to protect photos, contacts, and notes. Many apps, like Google Photos, OneDrive, or iCloud Photos, also offer their own automatic sync options to help keep important data protected.
5. Delete unnecessary files
Storing unneeded data creates clutter, increases security risks, and adds storage costs for both you and the university. Regularly clear out your ‘Downloads’ folder and empty your Recycle Bin/Trash to reduce your digital footprint. Check the Records Management Policy before deleting official records.