3, 2, 1 rule

3 copies, 2 storage media, 1 copy offsite.

The Backup Rule of Three

• Make 3 copies (1 original + 1 external and local + 1 external and remote)
   
• Store copies such that they are geographically distributed (local vs. remote depends on recovery time needed)

If you choose to use CDs, DVDs and USB flash drives for working data or backup copies, you should:

• Choose high quality products from reputable manufacturers.

• Follow the instructions provided by the manufacturer for care and handling, including environmental conditions and labelling.

• Regularly check the media to make sure that they are not failing, and periodically 'refresh' the data (that is, copy to a new disk or new USB flash drive).
   
• Ensure that any private or confidential data is password-protected and/or encrypted.

For suggestions of external drive and offsite/cloud backup tools, consult the CUNY Academic Commons guide to Data Management Tools.

You should always have up-to-date anti-virus software installed on your office and home computer. McAfee VirusScan software for Windows and Mac is might be available for free download to all CUNY faculty, staff, and students from the CUNY eMall.

You should also be aware of physical security. A computer that is not connected to a network is still vulnerable to theft and malicious damage/modification to data.

For suggestions of password management tools, consult the CUNY Academic Commons guide to Data Management Tools.

If you have sensitive data that is covered by privacy laws or confidentiality agreements, it is best to store it on a computer that is not connected to any network. If this is not possible, then you should encrypt your data. For more information on encryption software, see below.

Drives and disks where confidential data are stored should be encrypted, as should any electronic means (e.g., email) used to transmit confidential data. There are many proprietary and open-source encryption applications available. Encryption keys should always be written down and stored in two separate, secure locations.

TrueCrypt is a free open-source disk encryption software for Windows, Linux, and MacOS.

AxCrypt is encryption software that integrates into Windows Explorer.

GPGTools (OS X) and Gpg4win (Windows) are free, open-source email encryption applications that use  GPG (GNU Privacy Guard).

Mailvelope is an application for encrypting webmail like Gmail, Outlook.

If you will be collecting data outside the United States, make sure that your encryption software will not violate Export Control regulations.

All CUNY faculty members, postdoctoral scholars, graduate and undergraduate students involved in human subjects research as key personnel must complete the applicable Basic Course (e.g. HSR for Social & Behavioral Faculty, Graduate Students, & Postdoctoral Fellows) in the protection of human subjects prior to Institutional Review Board (IRB) approval of their protocol.  See more info about research compliance courses.

Rebecca Banchik is the GC's Director of the Human Research Protection Program.

 Adrienne Klein, is the GC's Director of Special Projects and Research Integrity Officer, of Research and Sponsored Programs.  

CUNY Computing and Information Services: Security Policies & Procedures

CUNY Computing and Information Services: Endpoint Encryption Best Practices

CUNY Human Research Protections Program

CUNY Academic Commons: Data Management Tools (Note: Some of the tools listed on this page may not be appropriate for data management plans or long-term data management.)