Dealing with accumulated data.
There’s no single answer to this. It depends on why you created the backups and your own data “hygiene”, for lack of a better term. If you’re running a business, you may have additional considerations.
Data retention is the formal term, and different situations call for different policies.
Become a Patron of Ask Leo! and go ad-free!
How long to keep backups
- Most people should keep daily incremental backups plus a full monthly backup for three months.
- Keep backups long enough to recover from various problems, bearing in mind how quickly those problems might be detected.
- Backups made for different reasons may have different retention requirements.
- Businesses may be required to keep more backups for longer periods of time, depending on their industry.
- Special-purpose backups may have shorter or longer retention plans.
When in doubt
If you don’t want to put a lot of thought into it, I would fall back to a three-month recommendation. In slightly more detail, that means:
- Perform monthly full image backups of your entire machine.
- Perform daily incremental images building on those full image backups.
- Keeping the backups for three months.
Without knowing more about your situation, this represents a balance between recoverability — anything in the last three months can be recovered — and disk space — only three months’ worth need be kept.
Implications of how long you keep backups
Think of each backup as a representation of your computer as it was when the backup was taken. As a result:
- Yesterday’s backup: your machine and everything on it as it was yesterday.
- The day before yesterday’s backup: your machine as it was two days ago.
- The day before that: your machine as it was three days ago.
- And so on…
Let’s look at some examples of what that implies.
Malware
Let’s say your machine becomes infected with malware. As I’ve stated many times, restoring to a recent backup taken prior to the malware’s arrival is probably the fastest and most reliable way to completely remove it.
Ideally, you would notice the infection quickly and restore the previous day’s backup. But what happens if you fail to notice for, say, a week? Perhaps you don’t use your computer for a while. Maybe it takes a week to figure out that the odd behavior you’re experiencing is, indeed, malware.
If you keep only a few days of backups — say three days — all you have is a backup of your machine as it was three days ago, which is after the malware arrived. That backup, and all backups since, are infected. You no longer have a clean backup you can restore to.
Accidental deletion
Accidents happen, and sometimes we change our minds.
Let’s say on Monday you delete a file you believe you no longer need. You’re done with it, or so you think.
Then, later that week — perhaps Friday — you suddenly realize not only were you not done with it, but it turns out to be crucial.
Once again, if you only have three backups, you have backups of your machine as it was on Thursday, Wednesday, and Tuesday. But not on Monday. As a result, you no longer have a backup copy of the file you deleted: it’s gone.
File corruption
Either software or hardware can fail in such a way that a perfectly good file gets damaged to the point that it can no longer be opened or used. The file may be present, but its contents are so much garbage.
As above, let’s say on Monday your computer experiences an unexpected power loss and shuts down without warning.
Come Friday, you realize that a file you rely on to perform some end-of-week processing every Friday can no longer be opened — the application that tries to open it reports it as being broken, or of the wrong format. It looks like that power problem earlier in the week caused your hard disk to damage the file beyond repair.
Once again, with only three days of backups, you have your machine as it was on Thursday, Wednesday, and Tuesday — all after the damage happened. You no longer have a backup copy of the undamaged file.
Malware, deletion, corruption, and more — and how quickly they become apparent — are important to consider when planning your backup strategy.
Types of backups
For the average user, I think about three types of backups.
- Safety net: backups taken to protect yourself when taking a risky action.
- Regular: backups taken automatically on a schedule.
- Archive: backups intended for a long-term archive.
Let’s look at each.
Safety-net backups
Some backups are just a safety net created prior to a possibly risky event. If something goes wrong, you can restore your system to its pre-event status.
For example, you might back up your registry prior to installing software you don’t completely trust. Another example might be a system-image backup of your entire computer taken just before upgrading the operating system.
These types of backups are often temporary. Once the risk has passed and you’re certain you’ll never have to revert to that backup, there’s no need to keep it. You could keep it for a few moments, hours, days, or weeks, depending on what it takes to feel confident that you’ll never need it.
Regular backups
I consider regularly scheduled backups to be the single most important way to protect yourself from data loss and many other difficulties.
My recommendation is to automate a monthly full-image backup of your machine with daily incremental backups. While I’ve made a suggestion above, the specifics — monthly and daily — are less important than having something happen automatically, with no need for you to remember and take action.
There’s no set answer as to how long you should keep these, as it really depends on your own configuration, needs, and storage capacity. You might discard backups older than a month, or perhaps a year. You might decide to keep specific snapshots for longer, “just in case”, but discard the majority.
As just one example, here’s my retention schedule for backing up the PC I use as my primary work machine. I keep:
- Daily incremental backups for a month, until the next full backup occurs.
- Monthly full-image backups for at least three months.
- The full backup images of each quarter for an additional year.
- The first full backup image of each year pretty much forever.1
As I said, that’s just an example, and my needs might well be considered extraordinary compared to yours. (I use something from my backups perhaps once a year or so. Totally worth it.)
Archive backups
I want to mention one additional type of backup that many might not be considered to be a backup at all: what I call an archive.
An archive, to me, is a collection of data intended to be kept forever, even though it’s not necessarily needed now or needed daily. For example, those backups that I keep “pretty much forever” (mentioned above), might be considered archive copies of the long-defunct machines they represent. Similarly, the fact that I copy my photographs to cloud storage in addition to backing them up locally might also be considered archival.
The concept of archiving is truly data-dependent. There’s no need to archive your operating system updates for posterity, but your correspondence, photographs, and other more personal items might be appropriate for archival.
A rule of thumb
A good rule of thumb is to think long and hard, “Will I — or anyone — ever need anything from this backup ever again? And for how long might that need exist?”
Then keep it a while longer. 
Before answering that, we also need to look at what’s been backed up, and what the implications of “needing it again” might be.
Needing a backup
A complete system restore to a backup image resets everything on that machine to the condition it was in on the day the backup was taken.
Everything since the time that backup was made is lost.
For example, perhaps on September 1, I restore my computer to a full image backup that was taken on June 1. All changes between June 1 and September 1 (that haven’t been saved elsewhere) are lost.
As you can imagine, then, while I might very well restore to an image of a few days ago because of a system failure or other catastrophic event, I certainly won’t be restoring my system to the image taken on January 1 two years ago.
Those backups are valuable because of the files they contain. While I might never completely restore my entire machine to their contents, I can still use my backup software to explore and restore specific files from the backups taken on those earlier dates. And because they’re image backups — backups of absolutely everything — I know that anything on the machine at that time can be recovered.
So, how long should I keep backups?
There’s no general rule I can apply that would make sense for everyone.
Clearly, the first few days are important. Things like lost files, malware, and the like are often discovered quickly, and typically you’ll need to go back only a day or two when that’s the case. Of course, a sudden and total hard disk failure makes itself known quite quickly.
The questions I’d have you consider are:
- How confident are you that you’ll discover whatever you might want from your backup within the amount of time you keep your backups?
- What would be the cost — be it money, emotion, or just time to re-create it — should you be unable to recover something because you didn’t discover you needed it before your retention period passed?
- Is there any reason you can’t just throw more disk space at it and increase the number of backups you keep?
These questions apply for any time period you might choose to keep backups, be it three days, three months, or three years. For various reasons and in various situations, the proper retention period could be any of those, or even longer.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: In reality, “forever” often turns out to be about five or ten years. Every so often, I go into a clean-up frenzy and delete individual backups I’m confident will never, ever be needed.
Hello, Leo. I’m a 75-year old computer newbie …not really a “newbie” at my age, but a novice computer user nonetheless. I use a system called “Registry Booster” to “clean up” my registry …. I don’t know why I need to do this, but do it anyway. I only use this laptop for emailing to my kids and friends, for my Blockbuster account, to order online crap I don’t really need, to research stuff for crossword puzzles, “streaming” music sites and for online banking purposes. So, nothing really complicated or technical involved. So my comment is …..do I really need “backups” and a registry cleaner? If I don’t need backups and they’re taking up space, how can I delete same to allow more computer space?
If your computer’s hard disk was suddenly blank and everything on it were permanently lost, would that be a problem? If so, then you definitely need backups. And as that statement implies backups should never be to the same hard disk; they should be to another hard disk. These days that’s typically an external USB drive.
11-Feb-2009
I keep around 10 days worth of System Restore points. Sometimes it is the best or only way to uninstall something that didn’t work out. An uninstaller may leave a lot of stuff behind or not work at all.
As well as System State and My Docs backups (using the standard Microsoft tools), I use Macrium Reflect to create a ghost image once a week. I don’t make that many changes, so I find that keeping My Docs, System State, and a ghost image dating back two weeks is suitable for me. I also use Puppy Linux as a back up OS, so I can retreive .pst files and anything else I might need before restoring from a source that I might have made two days ago, but is never more than two weeks old.
To me System Restore is a joke, everything I’ve heard and experienced with it has been bad, so many misconceptions about it’s actual function and what it’s really for;
ie. if you get a virus System Restore will not cure you from the infection, it’s really poorly named; I have the SR service shut off and completely disabled on all my machines;
I use the third party product from Symantec: BESR (Backup Exec System Restore) which takes full drive images or can be setup to schedule full & incremental / differential backups and from that you recover your system in it’s entirety or portions that may get damaged from disk failure file corruption etc.
For my main machine I have every backup from the very first one taken when I had the machine built. I keep my “User Files” on a separate drive away from the OS & Programs drive C: My BESR drive images only contain the OS & Programs and I have a separate backup setup for my “user files”
mainly any file that I need or am currently working on I have a minimum of two copies in different locations usually two different drives
I find I need to clear out backups more often because the 2 TB drives fill up so fast (weekly full / daily incremental). Also, I just learned a lesson – Don’t forget to look at your backups once in awhile. I thought I had set up Macrium Reflect to backup my D drive as well as C when creating an image backup, but ooops, it wasn’t backing up D for weeks, about the time I upgraded to Windows 10. Luckily, I noticed it before something bad happened.
I’ve reported here and there a few times about the time I discovered corrupted files on the external disk that holds my working files. Then I discovered I had been backing up dozens of corrupted files for several months.
I’ve been keeping backups for almost a year, limited by the capacity of my five backup disks with near-daily, weekly, and monthly layers. I think I’ll take Leo’s hint and add another disk or two for annual backups. Disks are cheaper than data.
I don’t have an off-site place to keep backups. Instead, I keep my two weekly disks in my basement, in a plastic food-storage container.
I find the typical 1TB USB disks (Western Digital and Seagate) are too “cheap”. They fail too easily.
The accounting company where I work keeps backups forever. At the start of the month, the backup drive is swapped out and taken off-site, and eventually goes to long-term storage. And yes, there have been a few times when a drive (or previously, a tape) was retrieved from long-term storage.
Several commenters have mentioned this but I think it needs to be stated explicitly. The article talks about how long you might *want* to keep several types of backups, but its the capacity of your backup media that determines how long you’ll *be able* to. Backing up to DVD or tape is a pain, but it can’t be beat for long-term retention. When you’re out of media you just go to Staples and buy more. But when you’re backing up to disk, you have to consider how many full and incremental backups the disk can hold. If your backup device holds ten times as much as the disk(s) you’re backing up, that puts an absolute limit of ten on the number of full backups you can keep. Or, depending on your change rate, a smaller number of full backups and some incrementals.
A 100 GB system which is probably less than many of the people reading this have would take about 20 DVDs at a cost of about $6.00. 10 of those backup sets will get you a 2TB external hard drive which will hold 20 backups. Less time less cost, a more stable backup, and you can reuse any of the disk space when you determine you no longer need any of those backups. I’d go for the extra drives.
Yeah, DVDs really aren’t a good choice for backups for a variety of reasons – not least of which is the fact that DVDs are going the way of the dodo (or should that be going the way of the 5.25″ floppy?). Fewer and fewer devices will ship with DVD drives and, consequently, it’ll become harder and harder to access the data on them.
Hey! Bite your tongue, Mister! I’m a hobbyist who still has, and uses (!), a Commodore-128… meaning that I use 5.25″ floppies all the time! :)
I have two 2-terabyte external drives ($99 Canadian each) that I use for backups. My system is partitioned into C (OS & apps) and D (everything else). I have Macrium Reflect (free) set to do a full backup of C on the first of the month and a differential every other day. Images are stored on D. I use robocopy to mirror D: to a folder on External-1 and I periodically mirror External-1 to External-2. This gives me coverage in the event that one external fails. This has happened once in five years. Possible (likely) scenarios:
1. Windows OS gets corrupted – restore latest differential image from D:
2. D: gets corrupted or files accidentally deleted – restore files from External-1
3. System drive crashes – replace internal drive and rebuild from images on External-1
4. External-1 crashes – replace and rebuild from External-2 + D:
5. External-2 crashes – replace and rebuild from External-1
Yes, there is always a small chance I will lose a file if a problem occurs between backups but in all my years of computing this has never happened. In any case, critical personal files (medical/financial) are immediately (for all practical purposes) replicated to another local machine via BitTorrent Sync.
And don’t forget to back up your backups. You can simply copy them to another USB hard drive. I do that at least once a week.
I want to say a word about full system backups. Be sure that you are able to restore a full system backup. That may sound trivial, but I am using a fast NVMe drive for the boot drive in my Win7 system and most Win7 backup programs don’t natively support NVMe (particularly ALL those that rely on Win7 WinPE). I have found Clonezilla (freeware!!!) to be an incredibly powerful tool for doing “bare metal” backups. It backed up and restored my Win7 and MacOS systems when upgrading to a larger hard drive. And it supports USB3.0 for fast backup to USB3.0 drives.
By the way, when I upsize a hard drive, I usually end up keeping the old drive as a backup. Hard drives are pretty cheap compared to the grief with lost data, IMO.
I turned on my computer yesterday and, surprise. A new version of Win 10 had been installed. New Windows logo, and my entire desktop was gone! No warning, so I could make and image backup. Reboot didn’t help.
I use screen magnification of 125%. New Windows reset back to 100%. So, I set it back to 125% before doing anything else. Suddenly, everything was back to normal. Why?? Don’t care. I have work to do.
Perhaps this note will help someone.
That’s why regular backups with daily incrementals are so important. If you’d been doing daily incremental backups, you would have been able to go back. Just do it.
Leo and team,
Always excellent advice….another factor in retention of backups is the programs being kept…. considerations about whether the programs can be reloaded under a current operating system are relevant…..if you have data (which is the important part, obviously) but can’t restore the application the backup is not worth much.
Software obsolescence is real, I agree. Fortunately in many cases having the data might still allow you to try to find a compatible, or partly compatible program to deal with it. And, I also recommend treating software installation media and downloads as archives themselves, keeping them essentially forever.
This software obsolescence issue is a good argument for hanging on to an older computer with an older version of the OS to be able to run older programs to be able to access data otherwise inaccessible by a newer machine.
And both of the previous responses make good points. In my case I was thinking about application software which is vendor-specific (Dental Office software in my case), where sometimes the current package is able to convert an old file structure (usually in a database) to the new format. This is not always possible after a while so the second comment by Mark is also very relevant. As a side issue I am not comfortable with the Microsoft Windows 10 policy of deleting, or rendering inoperative, older versions of programs (Visio and older Office installations for examples). Also some hardware, especially printers, seem to ‘get the ax’ arbitrarily…….Tom Latimer, coming up on 50 years in computing and 40 of it self-employed. Keep up the excellent work.
Microsoft doesn’t deliberately render programs obsolete. It’s just a side effect of OS evolution. As hardware becomes more powerful and capable of more things, operating systems and other software become more powerful to take advantage of the new capabilities. It’s up to the application and driver software developers to keep up with upgrades. There’s also the possibility to run the compatible OS in a virtual machine.
Hi, Leo, I fully understand your concerns and recommendations. I have instigated a regime that requires a daily (windows) backup and, before leaving the internet, I always use the ‘biscuit’ to identify all the ‘cookies’ and any other nasties that may be lurking and then run Ccleaner to get rid of any other unwanted applications. That’s the daily regime but, on a weekly basis, I also run SUPERAntispyware and Malwarebytes in order to feel that bit extra secure.
What does bother me is the length of time that ‘Windows Backup’ initially takes to complete and that’s without a System Image. Why (in Windows 10 and using a WIN 7 lookalike) does it take so long to do a back-up (without a System Image)? Help required – what might I be doing wrong?
I’d have to know exactly how you have it configured, or the steps you take to initiate the backup. Honestly, I’m not a fan of Windows own built-in backup, and neither is Microsoft since they’ve announced it’s being removed some day. I much prefer EaseUS Todo or Macrium Reflect as alternatives.
What can we use to image a Mac drive? Time Machine is backing up to an external drive, but I’d like to have periodic snapshot images, too.
I tend to rely on Time Machine, myself, and don’t have a recommendation for something else, I’m afraid. Perhaps Gary out at https://macmost.com does.
Hi Leo,
The older I get, the more I struggle with memory (my own, not the RAM type) and comprehension. So I have a lot of fun trying to stay backed-up using Macrium Reflect, V-7, which I started using some time ago on your recommendation. A big problem I have with it is that my scheduled backups often fail because of something to to with the time and Windows Task Scheduler. Lots of users have that problem according to my research, but that’s a separate issue from what I want to ask you.
You described your backup/backup retention routine as:
Daily incremental backups for a month, until the next full backup occurs.
Monthly full-image backups for at least three months.
The full backup images for each quarter for an additional year.
The first full backup image of each year pretty much forever.
Now, using that scenario, suppose we draw a timeline and label the first point Jan 1 at which time we do a full backup. Move forward 31 days and label the second point Feb 1, at which time we do a second full backup. On to point 3, Mar 1st, at which time we do the third full backup. In between those full backup points are minor divisions for the days of the months. Now assume we are at March 7th, and we discover that we have a virus infection that can only be remedied by restoring from a backup. And suppose we find that the infection occurred on Jan 14th. I’m not sure what incrementals we have remaining (from your scenario) since (apparently all prior to the Mar 1st full backup were removed at the time of that full backup, but I’m fairly certain – from your description – we would not have any Jan incrementals. Does that mean we would have to go all the way back to the Jan 1 full backup to restore from? So should we not keep 90 or so incrementals?
Thanks,
Steve
Yep, in that scenario you’d have to go back to Jan 1 using the method I described.
Here’s the problem, though … the date you picked (“suppose we find that the infection occurred on Jan 14th”) is completely arbitrary. What if it were December 15 of the preceding year? or October 15? You can work your way into needing every possible daily incremental backup forever if play that “what if” game.
The idea is to pick a timeframe you’re comfortable with — be it 30 days, 90 days or whatever — and structure your plan to be able to restore safely within that timeframe.
I will say that finding in March that you were infected in January is extremely unlikely. Most infections become apparent within days, not months. And short of preparing for every possible scenario (i.e. saving every backup forever) the pragmatic approach is to prepare for the most common.
That’s where a data backup in addition to system & incremental backups comes in. If you have to roll back to a January 1 backup in March, you may lose your updates and new programs but those can all be reinstalled from their installation media. A data backup should preserve your personal files indefinitely.
The dilemma I run into, is that I have some material that I want to save forever, but I’ve removed it from active use on my computer. So as I do regular backups, after that material is removed, that material isn’t captured. So part of my fear in deleting old backups, is deleting all material that I had removed for further use. For example, I put most everything on Dropbox, which has a space limit. My pcloud backs up Dropbox every month. but I have some things from 10 years ago that were in Dropbox, that are not in Dropbox anymore because I’m not actively using them (e.g. paperwork from a house I bought and sold years ago). I’ve written a routine in Excel that can look at files in different directories and tell me what’s not duplicated, but it ends up being more work. So I have to schedule time every couple months to look through backups. I wish there was a better way.
After writing this post yesterday, I found a way to resolve my problem. I went into my master Dropbox back up on my pCloud, created a new directory in pcloud called “Removed from Dropbox.” Then I moved things over that I no longer keep in Dropbox. Then I confirmed that nothing in my master Dropbox isn’t in my current Dropbox account that I back up to every month. So then I deleted the master Dropbox, as my monthly backup of Dropbox will capture everything, and my old files are captured on the “Removed from Dropbox” directory, which is then also backed up to an external hard drive regulatory. This will not save me a lot of time
Instead of deleting those files, you can archive them. Move them to an external drive, and of course, back up your archive as that also can be damaged.
1 When I get a new computer the VERY first thing I do is to download Macrium Reflect and make an Image copy of the machine is its “out of the box” state. Then I rename the filename’s extension so there is no chance of Macrium deleting it if the backup media gets full.
2 All the files I create are stored in sub-directories under /Documents.
3 Any software programs I download, I copy to a /Software directory within /Documents (When I actually install them, the installation process will install them somewhere in /Windows, but I don’t bother about that. When I next do an Image backup of the disk, that will pick up the executables.)
4 I have a Backup File Definition in Macrium (ie a file that lists what needs to be backed up). This is called FilesOnly and it backs up C:\Users\OldFool\*.* ie my files in /Documents, my photos in /Pictures, my favourites in /Favourites. I don’t store music or videos, or use OneDrive, so I don’t have to worry about them. In particular, I don’t have to worry about how big they would be if I were to back them up. (If I did use them, I would have a separate Backup File Definition for just those directories, and I would run an incremental backup, say monthly, to pick up any new ones.
As it is, I run the FilesOnly backup weekly (now I’m retired I don’t generate the volume of important stuff that MUST be backed up. When I was working, I ran it daily.) I run a full backup of those files – incrementals are a pain the backside if/when you want to restore stuff.)
I run the Image backup every month.
I cycle through three 2TB external disks. First FilesOnly goes on disk 1, next week’s goes on disk 2 etc. First Image goes on disk 1, second on disk 2 etc.
I keep 12 months of weeklies and monthlies.
I keep the End Of Financial Year monthly for seven years (That is a reflection of how long I need to keep files to answer queries from the tax office! Different countries have different needs for keeping tax data – keep it for however long you need to, to enable you to comply.)
I keep the OutOfTheBox image backup for as long as I have that PC
I store one external disk in the spare bedroom, the second in the shed at the end of the garden, the third at my son’s place (he lives down the road). So if the house burns down and a fire engine destroys the shed, I’ll still be able to get my data back on to my new PC.
I have a 64-bit desktop PC with Windows 7 Home Premium… and NO USB 3.x ports. ALL of them are USB 2.0
The dither about all the different types of backups makes my head spin, so I use one kind of backup ONLY: Disk Image.
Macrium Reflect (an older version) takes — LITERALLY! — a day and a half to backup my 1TB hard drive to an external 1TB USB drive. I run it from the Rescue DVD; this guarantees no “file-in-use” conflicts, AND allows the system to devote 100% of resources to Macrium. The disadvantage is no multitasking — while the Macrium DVD is doing its job (for a day and a half, no less!), I have NO ability to do anything onthe computer whatsoever.
As you might very well imagine, all of this very greatly discourages me from backing up very often. In fact, I’ve just completed a nice, fresh, new, Full Disk Image backup to replace the previous one… which was dated February of 2018.
God alone knows how long it will be before I will replace this new one! :(
I’ve used Macrium Reflect for years without that problem. I usually run it in the background without any noticeable decrease in performance, and it takes no more than a couple of hours. I’d suggest you try a newer version Of Reflect or try EaseUS Todo.