Human rights groups gather and store important data, such as evidence of abuses, documentation on corruption and witness testimonies. This data can be vulnerable to a variety of threats that could result in a partial or total loss, including:
- Flooding or fire
- Lost or broken devices
- Hardware or software failures
- Malicious attacks such as viruses
- Human error
And that’s why it’s important to regularly make copies of the data. Although it might require some time to develop and implement a consistent back-up plan, it is worth the effort because recreating or restoring data is stressful, expensive, and sometimes impossible. You’ll want to draft a policy that allows you to consistently and appropriately back up your data with minimum resources and effort. Below are some best practices for creating a back-up plan.
Map out the data that you have
Before you can figure out the best way to back up your data, you need to know what you’ve got. What kind of information do you have, where does it live, how sensitive is it, and how important is it that you don’t lose it? For example:
|Type of info
|Where it lives
|Level of sensitivity
|Priority of back-up
|International human rights legislation
|In a desktop folder on your work computer
|News articles covering human rights abuses
|In a shared Google Drive
|Direct witness testimonies
|In an encrypted folder on your personal computer and sometimes on your phone
It’s a good idea to create a map similar to the above to help take stock of your data. This can be especially helpful if you work with a team of people. For group activities that help address these questions and create a shared understanding of the risks of data loss, take a look at this guide on LevelUp.
Make sure your data is secure and you have reliable access
The purpose of making back-ups is to retain access to your data in the event that it’s lost or damaged. Therefore it’s important to think about accessibility when choosing a storage solution. For example, if you travel to a place with limited internet access, your back-up should be stored offline. It is also recommended to test out whichever back-up storage solution you choose before you will actually need it.. When looking at where to store your data, there are three common options:
- Cloud (aka online) back-up: One of most common back-up solutions nowadays. It’s easy to use, and some services offer synchronization through a desktop application (e.g. ownCloud, Google Drive, Dropbox).
- On-site back-up: This is when you copy and save your data to another hard drive (e.g. USB drive, hard drives, external drives). This is usually implemented manually; however, there are options to automate the process.
- Manual back-up: This is possible to perform both on and offline. Offline options are less common; however, they are useful for important physical documents. An example of online manual back-up would be saving your data to a media storage service (e.g. Google apps).
Each approach has its strengths and weaknesses, so it really depends on the kind of the type of data you’re working with and its sensitivity.
|Type of back-up
|Weaknesses or Considerations
|-Can be synchronized and automated
-Generally has good usability
-Usually easy to restore information
-Added value for multi-location teams
-For confidential data, files can usually be encrypted before storing online
|-Trust: you need to trust the host with your data, that they will not access it, use it, share it, delete it
-Hosting: some software can be hosted by you or by your website hosting company
-Not available offline
|-Easy and fast to save and transport data, if necessary
-USBs and hard drives are affordable
-Doesn’t require high technical skills
-Files can be encrypted
-Provides a snapshot of the information at a certain time.
|-Potential physical threat to your data (e.g. an office can be broken into and hard drives and servers with your data can be stolen)
-Potential physical damage to the device (e.g. fire, flood, technical crash)
-Can be automated but not synchronized
-Makes a snapshot of the time when the copy was made but does not track changes or development in the data
|-Useful for single documents
-Useful for capturing the development of a document
-Good for future reference
-Hard copy may be required for important original files, or for confidential data (for example, the content of your password manager)
|-Cannot serve as a complete back-up plan, because it is difficult if not impossible to manually copy and save *all* files
-Potential damage to files (e.g. fire, flood, humidity, heat)
-Must be stored in a reliable and secret location
In general, it is recommended to have your data stored in three different places, so you’ll probably end up using a variety of these methods. Choosing the right back-up technology is another important step to ensure the reliable access to your data and protection of it. A few considerations include:
- Is the data encrypted in transit?
- Is the data encrypted at rest (in storage)?
- Is the technology open source? Has the code and security been audited by an external company?
- Do you trust the hosting company? If not, can you host the technology and data yourself?
- Is the technology affordable, if not free?
- Does your team require technical training to use it?
- Most important: Any software you choose should solve your back-up challenges and not add to them.
Consistency is key
Your back-up plans will only be successful if you do them! Successful back-ups are consistent back-ups, so get into some good habits like backing up your most important working files every Friday. (In fact, there’s a whole community of Friday back-upers on Twitter via #FridayDiscoBackup who want to share their favorite back-up tunes with you!) Or, set up your software to run automatically each week in the background. Just make sure it’s getting done on a consistent basis, and be sure to test it regularly. How much of this data do you need to back up? You may want to include these decisions in your data map explained above. Here are the most common options:
- Full back-up: includes all your documents and data.
- Incremental back-up: includes only files changed or created since the last full back-up.
- Differential back-up: includes the documents that have been changed and new data created since the latest full or incremental back-up. As a rule, critical information should be backed up, before and after each considerable change.