Backing up data is an essential part of the data management process. Hardware failure, virus infection, hacking, and loss or theft of hardware are all common realities that can have a devastating effect on research if proper back-up hasn't taken place. See the UK Data Archive's guidelines on Backing-up Data for more information.
Backing Up vs Storage
Back-up and storage are related concepts, but are not the same thing. While storage refers to ways of preserving files for the short- or long-term, back-up refers to preserving copies of your files in different physical locations and using different media to protect against data loss.
A good rule of thumb for backing up data is the 3-2-1 rule. It states that at least 3 total copies of data should exist, 2 of which are local but on different media (devices), and at least 1 copy should be stored offsite. The offsite storage is important in case of fires, floods, or theft.
While information security is concerned with protection, privacy is concerned with the sensitivity of data, the justification for collecting data, and decisions about notification and sharing. International, Federal, and State legislation and regulations may apply. Privacy issues vary greatly by location and subject matter of data, posing significant liabilities, especially with regard to protected personal information (PPI) and personal identifying information (PII). A few resources of note include:
The following university policies are potentially applicable to research data management.