Dealing with accumulated data.
Thereās no single answer to this. It depends on why you created the backups and your own data āhygieneā, for lack of a better term. If youāre running a business, you may have additional considerations.
Data retention is the formal term, and different situations call for different policies.
Become a Patron of Ask Leo! and go ad-free!
How long to keep backups
- Most people should keep daily incremental backups plus a full monthly backup for three months.
- Keep backups long enough to recover from various problems, bearing in mind how quickly those problems might be detected.
- Backups made for different reasons may have different retention requirements.
- Businesses may be required to keep more backups for longer periods of time, depending on their industry.
- Special-purpose backups may have shorter or longer retention plans.
When in doubt
If you donāt want to put a lot of thought into it, I would fall back to a three-month recommendation. In slightly more detail, that means:
- Perform monthly fullĀ image backupsĀ of your entire machine.
- Perform daily incremental images building on those full image backups.
- Keeping the backups for three months.
Without knowing more about your situation, this represents a balance between recoverability ā anything in the last three months can be recovered ā and disk space ā only three monthsā worth need be kept.
Implications of how long you keep backups
Think of each backup as a representation of your computer as it was when the backup was taken. As a result:
- Yesterdayās backup: your machine and everything on it as it was yesterday.
- The day before yesterdayās backup: your machine as it was two days ago.
- The day before that: your machine as it was three days ago.
- And so onā¦
Letās look at some examples of what that implies.
Malware
Letās say your machine becomes infected with malware. As Iāve stated many times, restoring to a recent backup taken prior to the malwareās arrival is probably the fastest and most reliable way to completely remove it.
Ideally, you would notice the infection quickly and restore the previous dayās backup.Ā But what happens if you fail to notice for, say, a week? Perhaps you donāt use your computer for a while. Maybe it takes a week to figure out that the odd behavior youāre experiencing is, indeed, malware.
If you keep only a few days of backups ā say three days ā all you have is a backup of your machine as it was three days ago, which is after the malware arrived. That backup, and all backups since, are infected. You no longer have a clean backup you can restore to.
Accidental deletion
Accidents happen, andĀ sometimes we change our minds.
Letās say on MondayĀ you delete a file you believe you no longer need. Youāre done with it, or so you think.
Then, later that week ā perhaps Friday ā you suddenly realize not only were you not done with it, but it turns out to be crucial.
Once again, if you only have three backups, you have backups of your machine as it was on Thursday, Wednesday, and Tuesday. But not on Monday. As a result, you no longer have a backup copy of the file you deleted: itās gone.
File corruption
Either software or hardware can fail in such a way that a perfectly good file gets damaged to the point that it can no longer be opened or used. The file may be present, but its contents are so much garbage.
As above, letās say on Monday your computer experiences an unexpected power loss and shuts down without warning.
Come Friday, you realize that a file you rely on to perform some end-of-week processing every Friday can no longer be opened ā the application that tries to open it reports it as being broken, or of the wrong format. It looks like that power problem earlier in the week caused your hard disk to damage the file beyond repair.
Once again, with only three days of backups, you have your machine as it was on Thursday, Wednesday, and Tuesday ā all after the damage happened. You no longer have a backup copy of the undamaged file.
Malware, deletion, corruption, and more ā and how quickly they become apparent ā are important to consider when planning your backup strategy.
Types of backups
For the average user, I think about three types of backups.
- Safety net: backups taken to protect yourself when taking a risky action.
- Regular: backups taken automatically on a schedule.
- Archive: backups intended for a long-term archive.
Letās look at each.
Safety-net backups
Some backups are just a safety net created prior to a possibly risky event. If something goes wrong, you can restore your system to its pre-event status.
For example, you might back up your registry prior to installing software you donāt completely trust. Another example might be a system-image backup of your entire computer taken just before upgrading the operating system.
These types of backups are often temporary. Once the risk has passed and youāre certain youāll never have to revert to that backup, thereās no need to keep it. You could keep it for a few moments, hours, days, or weeks, depending on what it takes to feel confident that youāll never need it.
Regular backups
I consider regularly scheduled backups to be the single most important way to protect yourself from data loss and many other difficulties.
My recommendation is to automate a monthly full-image backup of your machine with daily incremental backups. While Iāve made a suggestion above, the specifics ā monthly and daily ā are less important than having something happen automatically, with no need for you to remember and take action.
Thereās no set answer as to how long you should keep these, as itĀ really depends on your own configuration, needs, and storage capacity. You might discard backups older than a month, or perhaps a year. You might decide to keep specific snapshots for longer, ājust inĀ caseā, but discard the majority.
As just one example, hereās my retention schedule for backing up the PC I use as my primary work machine. I keep:
- Daily incremental backups for a month, until the next full backup occurs.
- Monthly full-image backups for at least three months.
- The full backup images of each quarter for an additional year.
- The first full backup image of each year pretty much forever.1
As I said, thatās just an example, and my needs might well beĀ considered extraordinary compared to yours. (I use something from myĀ backups perhaps once aĀ year or so. Totally worth it.)
Archive backups
I want to mention one additional type of backup that many might not be considered to be a backup at all: what I call an archive.
An archive, to me, is a collection of data intended to be kept forever, even though itās not necessarily needed now or needed daily. For example, those backups that I keep āpretty much foreverā (mentioned above), might be considered archive copies of the long-defunct machines they represent. Similarly, the fact that I copy my photographs to cloud storage in addition to backing them up locally might also be considered archival.
The concept of archiving is truly data-dependent. Thereās no need to archive your operating system updates for posterity, but your correspondence, photographs, and other more personal items mightĀ be appropriate for archival.
A rule of thumb
A good rule of thumb is to think long and hard, āWill I ā or anyone ā ever need anything from this backup ever again? And for how long might that need exist?ā
ThenĀ keep it a while longer. 
Before answering that, we also need to look at whatās been backedĀ up, and what the implications of āneeding it againā might be.
Needing a backup
A complete system restore to a backup image resets everything onĀ that machine to the condition it was in on the day the backup wasĀ taken.
Everything since the time that backup was made isĀ lost.
For example, perhaps on September 1, I restore my computer to a full image backup that was taken on June 1. All changesĀ between June 1 and September 1 (that havenāt been saved elsewhere) are lost.
As you can imagine, then, while I might very wellĀ restore to an image of a few days ago because of a system failure orĀ other catastrophic event, I certainly wonāt be restoring my system toĀ the image taken on January 1 two years ago.
Those backups are valuable because of the files they contain. While I might never completely restore my entire machine to their contents, I can still use my backup software to explore and restore specific files from the backups taken on those earlier dates. And because theyāre image backups ā backups of absolutely everything ā I know that anything on the machine at that time can be recovered.
So, how long should I keep backups?
Thereās no general rule I can apply that would make sense for everyone.
Clearly, the first few days are important. Things like lost files, malware, and the like are often discovered quickly, and typically youāll need to go back only a day or two when thatās the case. Of course, a sudden and total hard disk failure makes itself known quite quickly.
The questions Iād have you consider are:
- How confident are you that youāll discover whatever you might want from your backup within the amount of time you keep your backups?
- What would be the cost ā be it money, emotion, or just time to re-create it ā should you be unable to recover something because you didnāt discover you needed it before your retention period passed?
- Is there any reason you canāt just throw more disk space at it and increase the number of backups you keep?
These questions apply for any time period you might choose to keep backups, be it three days, three months, or three years. For various reasons and in various situations, the proper retention period could be any of those, or even longer.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: In reality, āforeverā often turns out to be about five or ten years. Every so often, I go into a clean-up frenzy and delete individual backups Iām confident will never, ever be needed.
Hello, Leo. Iām a 75-year old computer newbie ā¦not really a ānewbieā at my age, but a novice computer user nonetheless. I use a system called āRegistry Boosterā to āclean upā my registry ā¦. I donāt know why I need to do this, but do it anyway. I only use this laptop for emailing to my kids and friends, for my Blockbuster account, to order online crap I donāt really need, to research stuff for crossword puzzles, āstreamingā music sites and for online banking purposes. So, nothing really complicated or technical involved. So my comment is ā¦..do I really need ābackupsā and a registry cleaner? If I donāt need backups and theyāre taking up space, how can I delete same to allow more computer space?
If your computerās hard disk was suddenly blank and everything on it were permanently lost, would that be a problem? If so, then you definitely need backups. And as that statement implies backups should never be to the same hard disk; they should be to another hard disk. These days thatās typically an external USB drive.
11-Feb-2009
I keep around 10 days worth of System Restore points. Sometimes it is the best or only way to uninstall something that didnāt work out. An uninstaller may leave a lot of stuff behind or not work at all.
As well as System State and My Docs backups (using the standard Microsoft tools), I use Macrium Reflect to create a ghost image once a week. I donāt make that many changes, so I find that keeping My Docs, System State, and a ghost image dating back two weeks is suitable for me. I also use Puppy Linux as a back up OS, so I can retreive .pst files and anything else I might need before restoring from a source that I might have made two days ago, but is never more than two weeks old.
To me System Restore is a joke, everything Iāve heard and experienced with it has been bad, so many misconceptions about itās actual function and what itās really for;
ie. if you get a virus System Restore will not cure you from the infection, itās really poorly named; I have the SR service shut off and completely disabled on all my machines;
I use the third party product from Symantec: BESR (Backup Exec System Restore) which takes full drive images or can be setup to schedule full & incremental / differential backups and from that you recover your system in itās entirety or portions that may get damaged from disk failure file corruption etc.
For my main machine I have every backup from the very first one taken when I had the machine built. I keep my āUser Filesā on a separate drive away from the OS & Programs drive C: My BESR drive images only contain the OS & Programs and I have a separate backup setup for my āuser filesā
mainly any file that I need or am currently working on I have a minimum of two copies in different locations usually two different drives
I find I need to clear out backups more often because the 2 TB drives fill up so fast (weekly full / daily incremental). Also, I just learned a lesson ā Donāt forget to look at your backups once in awhile. I thought I had set up Macrium Reflect to backup my D drive as well as C when creating an image backup, but ooops, it wasnāt backing up D for weeks, about the time I upgraded to Windows 10. Luckily, I noticed it before something bad happened.
Iāve reported here and there a few times about the time I discovered corrupted files on the external disk that holds my working files. Then I discovered I had been backing up dozens of corrupted files for several months.
Iāve been keeping backups for almost a year, limited by the capacity of my five backup disks with near-daily, weekly, and monthly layers. I think Iāll take Leoās hint and add another disk or two for annual backups. Disks are cheaper than data.
I donāt have an off-site place to keep backups. Instead, I keep my two weekly disks in my basement, in a plastic food-storage container.
I find the typical 1TB USB disks (Western Digital and Seagate) are too ācheapā. They fail too easily.
The accounting company where I work keeps backups forever. At the start of the month, the backup drive is swapped out and taken off-site, and eventually goes to long-term storage. And yes, there have been a few times when a drive (or previously, a tape) was retrieved from long-term storage.
Several commenters have mentioned this but I think it needs to be stated explicitly. The article talks about how long you might *want* to keep several types of backups, but its the capacity of your backup media that determines how long youāll *be able* to. Backing up to DVD or tape is a pain, but it canāt be beat for long-term retention. When youāre out of media you just go to Staples and buy more. But when youāre backing up to disk, you have to consider how many full and incremental backups the disk can hold. If your backup device holds ten times as much as the disk(s) youāre backing up, that puts an absolute limit of ten on the number of full backups you can keep. Or, depending on your change rate, a smaller number of full backups and some incrementals.
A 100 GB system which is probably less than many of the people reading this have would take about 20 DVDs at a cost of about $6.00. 10 of those backup sets will get you a 2TB external hard drive which will hold 20 backups. Less time less cost, a more stable backup, and you can reuse any of the disk space when you determine you no longer need any of those backups. Iād go for the extra drives.
Yeah, DVDs really arenāt a good choice for backups for a variety of reasons ā not least of which is the fact that DVDs are going the way of the dodo (or should that be going the way of the 5.25ā³ floppy?). Fewer and fewer devices will ship with DVD drives and, consequently, itāll become harder and harder to access the data on them.
Hey! Bite your tongue, Mister! Iām a hobbyist who still has, and uses (!), a Commodore-128ā¦ meaning that I use 5.25ā³ floppies all the time! :)
I have two 2-terabyte external drives ($99 Canadian each) that I use for backups. My system is partitioned into C (OS & apps) and D (everything else). I have Macrium Reflect (free) set to do a full backup of C on the first of the month and a differential every other day. Images are stored on D. I use robocopy to mirror D: to a folder on External-1 and I periodically mirror External-1 to External-2. This gives me coverage in the event that one external fails. This has happened once in five years. Possible (likely) scenarios:
1. Windows OS gets corrupted ā restore latest differential image from D:
2. D: gets corrupted or files accidentally deleted ā restore files from External-1
3. System drive crashes ā replace internal drive and rebuild from images on External-1
4. External-1 crashes ā replace and rebuild from External-2 + D:
5. External-2 crashes ā replace and rebuild from External-1
Yes, there is always a small chance I will lose a file if a problem occurs between backups but in all my years of computing this has never happened. In any case, critical personal files (medical/financial) are immediately (for all practical purposes) replicated to another local machine via BitTorrent Sync.
And donāt forget to back up your backups. You can simply copy them to another USB hard drive. I do that at least once a week.
I want to say a word about full system backups. Be sure that you are able to restore a full system backup. That may sound trivial, but I am using a fast NVMe drive for the boot drive in my Win7 system and most Win7 backup programs donāt natively support NVMe (particularly ALL those that rely on Win7 WinPE). I have found Clonezilla (freeware!!!) to be an incredibly powerful tool for doing ābare metalā backups. It backed up and restored my Win7 and MacOS systems when upgrading to a larger hard drive. And it supports USB3.0 for fast backup to USB3.0 drives.
By the way, when I upsize a hard drive, I usually end up keeping the old drive as a backup. Hard drives are pretty cheap compared to the grief with lost data, IMO.
I turned on my computer yesterday and, surprise. A new version of Win 10 had been installed. New Windows logo, and my entire desktop was gone! No warning, so I could make and image backup. Reboot didnāt help.
I use screen magnification of 125%. New Windows reset back to 100%. So, I set it back to 125% before doing anything else. Suddenly, everything was back to normal. Why?? Donāt care. I have work to do.
Perhaps this note will help someone.
Thatās why regular backups with daily incrementals are so important. If youād been doing daily incremental backups, you would have been able to go back. Just do it.
Leo and team,
Always excellent adviceā¦.another factor in retention of backups is the programs being keptā¦. considerations about whether the programs can be reloaded under a current operating system are relevantā¦..if you have data (which is the important part, obviously) but canāt restore the application the backup is not worth much.
Software obsolescence is real, I agree. Fortunately in many cases having the data might still allow you to try to find a compatible, or partly compatible program to deal with it. And, I also recommend treating software installation media and downloads as archives themselves, keeping them essentially forever.
This software obsolescence issue is a good argument for hanging on to an older computer with an older version of the OS to be able to run older programs to be able to access data otherwise inaccessible by a newer machine.
And both of the previous responses make good points. In my case I was thinking about application software which is vendor-specific (Dental Office software in my case), where sometimes the current package is able to convert an old file structure (usually in a database) to the new format. This is not always possible after a while so the second comment by Mark is also very relevant. As a side issue I am not comfortable with the Microsoft Windows 10 policy of deleting, or rendering inoperative, older versions of programs (Visio and older Office installations for examples). Also some hardware, especially printers, seem to āget the axā arbitrarilyā¦ā¦.Tom Latimer, coming up on 50 years in computing and 40 of it self-employed. Keep up the excellent work.
Microsoft doesnāt deliberately render programs obsolete. Itās just a side effect of OS evolution. As hardware becomes more powerful and capable of more things, operating systems and other software become more powerful to take advantage of the new capabilities. Itās up to the application and driver software developers to keep up with upgrades. Thereās also the possibility to run the compatible OS in a virtual machine.
Hi, Leo, I fully understand your concerns and recommendations. I have instigated a regime that requires a daily (windows) backup and, before leaving the internet, I always use the ābiscuitā to identify all the ācookiesā and any other nasties that may be lurking and then run Ccleaner to get rid of any other unwanted applications. Thatās the daily regime but, on a weekly basis, I also run SUPERAntispyware and Malwarebytes in order to feel that bit extra secure.
What does bother me is the length of time that āWindows Backupā initially takes to complete and thatās without a System Image. Why (in Windows 10 and using a WIN 7 lookalike) does it take so long to do a back-up (without a System Image)? Help required ā what might I be doing wrong?
Iād have to know exactly how you have it configured, or the steps you take to initiate the backup. Honestly, Iām not a fan of Windows own built-in backup, and neither is Microsoft since theyāve announced itās being removed some day. I much prefer EaseUS Todo or Macrium Reflect as alternatives.
What can we use to image a Mac drive? Time Machine is backing up to an external drive, but Iād like to have periodic snapshot images, too.
I tend to rely on Time Machine, myself, and donāt have a recommendation for something else, Iām afraid. Perhaps Gary out at https://macmost.com does.
Hi Leo,
The older I get, the more I struggle with memory (my own, not the RAM type) and comprehension. So I have a lot of fun trying to stay backed-up using Macrium Reflect, V-7, which I started using some time ago on your recommendation. A big problem I have with it is that my scheduled backups often fail because of something to to with the time and Windows Task Scheduler. Lots of users have that problem according to my research, but thatās a separate issue from what I want to ask you.
You described your backup/backup retention routine as:
Daily incremental backups for a month, until the next full backup occurs.
Monthly full-image backups for at least three months.
The full backup images for each quarter for an additional year.
The first full backup image of each year pretty much forever.
Now, using that scenario, suppose we draw a timeline and label the first point Jan 1 at which time we do a full backup. Move forward 31 days and label the second point Feb 1, at which time we do a second full backup. On to point 3, Mar 1st, at which time we do the third full backup. In between those full backup points are minor divisions for the days of the months. Now assume we are at March 7th, and we discover that we have a virus infection that can only be remedied by restoring from a backup. And suppose we find that the infection occurred on Jan 14th. Iām not sure what incrementals we have remaining (from your scenario) since (apparently all prior to the Mar 1st full backup were removed at the time of that full backup, but Iām fairly certain ā from your description ā we would not have any Jan incrementals. Does that mean we would have to go all the way back to the Jan 1 full backup to restore from? So should we not keep 90 or so incrementals?
Thanks,
Steve
Yep, in that scenario youād have to go back to Jan 1 using the method I described.
Hereās the problem, though ā¦ the date you picked (āsuppose we find that the infection occurred on Jan 14thā) is completely arbitrary. What if it were December 15 of the preceding year? or October 15? You can work your way into needing every possible daily incremental backup forever if play that āwhat ifā game.
The idea is to pick a timeframe youāre comfortable with ā be it 30 days, 90 days or whatever ā and structure your plan to be able to restore safely within that timeframe.
I will say that finding in March that you were infected in January is extremely unlikely. Most infections become apparent within days, not months. And short of preparing for every possible scenario (i.e. saving every backup forever) the pragmatic approach is to prepare for the most common.
Thatās where a data backup in addition to system & incremental backups comes in. If you have to roll back to a January 1 backup in March, you may lose your updates and new programs but those can all be reinstalled from their installation media. A data backup should preserve your personal files indefinitely.
The dilemma I run into, is that I have some material that I want to save forever, but Iāve removed it from active use on my computer. So as I do regular backups, after that material is removed, that material isnāt captured. So part of my fear in deleting old backups, is deleting all material that I had removed for further use. For example, I put most everything on Dropbox, which has a space limit. My pcloud backs up Dropbox every month. but I have some things from 10 years ago that were in Dropbox, that are not in Dropbox anymore because Iām not actively using them (e.g. paperwork from a house I bought and sold years ago). Iāve written a routine in Excel that can look at files in different directories and tell me whatās not duplicated, but it ends up being more work. So I have to schedule time every couple months to look through backups. I wish there was a better way.
After writing this post yesterday, I found a way to resolve my problem. I went into my master Dropbox back up on my pCloud, created a new directory in pcloud called āRemoved from Dropbox.ā Then I moved things over that I no longer keep in Dropbox. Then I confirmed that nothing in my master Dropbox isnāt in my current Dropbox account that I back up to every month. So then I deleted the master Dropbox, as my monthly backup of Dropbox will capture everything, and my old files are captured on the āRemoved from Dropboxā directory, which is then also backed up to an external hard drive regulatory. This will not save me a lot of time
Instead of deleting those files, you can archive them. Move them to an external drive, and of course, back up your archive as that also can be damaged.
1 When I get a new computer the VERY first thing I do is to download Macrium Reflect and make an Image copy of the machine is its āout of the boxā state. Then I rename the filenameās extension so there is no chance of Macrium deleting it if the backup media gets full.
2 All the files I create are stored in sub-directories under /Documents.
3 Any software programs I download, I copy to a /Software directory within /Documents (When I actually install them, the installation process will install them somewhere in /Windows, but I donāt bother about that. When I next do an Image backup of the disk, that will pick up the executables.)
4 I have a Backup File Definition in Macrium (ie a file that lists what needs to be backed up). This is called FilesOnly and it backs up C:\Users\OldFool\*.* ie my files in /Documents, my photos in /Pictures, my favourites in /Favourites. I donāt store music or videos, or use OneDrive, so I donāt have to worry about them. In particular, I donāt have to worry about how big they would be if I were to back them up. (If I did use them, I would have a separate Backup File Definition for just those directories, and I would run an incremental backup, say monthly, to pick up any new ones.
As it is, I run the FilesOnly backup weekly (now Iām retired I donāt generate the volume of important stuff that MUST be backed up. When I was working, I ran it daily.) I run a full backup of those files ā incrementals are a pain the backside if/when you want to restore stuff.)
I run the Image backup every month.
I cycle through three 2TB external disks. First FilesOnly goes on disk 1, next weekās goes on disk 2 etc. First Image goes on disk 1, second on disk 2 etc.
I keep 12 months of weeklies and monthlies.
I keep the End Of Financial Year monthly for seven years (That is a reflection of how long I need to keep files to answer queries from the tax office! Different countries have different needs for keeping tax data ā keep it for however long you need to, to enable you to comply.)
I keep the OutOfTheBox image backup for as long as I have that PC
I store one external disk in the spare bedroom, the second in the shed at the end of the garden, the third at my sonās place (he lives down the road). So if the house burns down and a fire engine destroys the shed, Iāll still be able to get my data back on to my new PC.
I have a 64-bit desktop PC with Windows 7 Home Premiumā¦ and NO USB 3.x ports. ALL of them are USB 2.0
The dither about all the different types of backups makes my head spin, so I use one kind of backup ONLY: Disk Image.
Macrium Reflect (an older version) takes ā LITERALLY! ā a day and a half to backup my 1TB hard drive to an external 1TB USB drive. I run it from the Rescue DVD; this guarantees no āfile-in-useā conflicts, AND allows the system to devote 100% of resources to Macrium. The disadvantage is no multitasking ā while the Macrium DVD is doing its job (for a day and a half, no less!), I have NO ability to do anything onthe computer whatsoever.
As you might very well imagine, all of this very greatly discourages me from backing up very often. In fact, Iāve just completed a nice, fresh, new, Full Disk Image backup to replace the previous oneā¦ which was dated February of 2018.
God alone knows how long it will be before I will replace this new one! :(
Iāve used Macrium Reflect for years without that problem. I usually run it in the background without any noticeable decrease in performance, and it takes no more than a couple of hours. Iād suggest you try a newer version Of Reflect or try EaseUS Todo.