I don’t think there’s a single answer to this. It depends on why you created the backups, and even your own data “hygiene”, for lack of a better term. If you’re running a business, you may have additional considerations.
Data retention is the formal term, and different situations call for different retention policies.
Become a Patron of Ask Leo! and go ad-free!
- Most consumers are served well by daily incremental backups plus a full backup every month, keeping the most recent three months.
- Backups should be kept long enough to recover from an assortment of maladies, with some idea of how quickly those problems might be detected.
- Different types of backups made for different reasons have different retention requirements.
- Businesses may be required to keep more backups for longer periods of time, depending on their industry.
- Special-purpose backups may have shorter or longer retention plans.
When in doubt
- Perform monthly full image backups of your entire machine.
- Perform daily incremental images building on those full image backups.
- Keep backups for three months.
Without knowing more about your situation, this represents a balance between recoverability — anything in the last three months can be recovered — and disk space — only three months’ worth need be kept.
Implications of how long you keep backups
Think of each backup as a representation of your computer as it was when the backup was taken. As a result:
- Yesterday’s backup: your machine and everything on it as it was yesterday.
- The day before yesterday’s backup: your machine as it was two days ago.
- The day before that: your machine as it was three days ago.
- And so on…
Let’s look at some examples of what that implies.
Malware
Let’s say your machine becomes infected with malware. As I’ve stated many times, restoring to a recent backup taken prior to the malware’s arrival is probably the fastest and most reliable way to completely remove it.
Ideally, you would notice the infection quickly, and restore the previous day’s backup.
But what happens if you fail to notice for, say, a week? Perhaps you don’t use your computer for a while. Maybe it takes a week to figure out that the odd behavior you’re experiencing is, indeed, malware.
If you keep only few days of backups — say three days — all you have is a backup of your machine as it was three days ago, which is after the malware arrived. That backup, and all backups since, are infected. You no longer have a clean backup you can restore to.
Accidental deletion
Accidents happen, and sometimes we change our minds.
Let’s say on Monday you delete a file you believe you no longer need. You’re done with it, or so you think.
Then, later that week — perhaps Friday — you suddenly realize not only were you not done with it, but it turns out to be critical.
Once again, if you only have three backups, you have backups of your machine as it was on Thursday, Wednesday, and Tuesday. But not on Monday. As a result, you no longer have a back-up copy of the file you deleted: it’s gone.
File corruption
Either software or hardware can fail in such a way that a perfectly good file gets damaged to the point that it can no longer be opened or used. The file may be present, but it contents are so much garbage.
As above, let’s say on Monday your computer experiences an unexpected power loss and shuts down without warning.
Come Friday, you realize that a file you rely on to perform some end-of-week processing every Friday can no longer be opened — the application that tries to open it reports it as being broken, or of the wrong format. It looks like that power problem earlier in the week caused your hard disk to damage the file beyond repair.
Once again, with only three days of backups, you have your machine as it was on Thursday, Wednesday, and Tuesday — all after the damage happened. You no longer have a backup copy of the undamaged file.
Malware, deletion, corruption, and more — and how quickly they become apparent — are important factors to consider when planning your backup strategy.
Types of backups
When it comes to the average computer user, I think about three general types of backups.
- Safety net: backups taken specifically to protect yourself when taking a risky action.
- Regular: backups you take automatically on a periodic schedule.
- Archive: backups intended to be kept in a long-term archive.
Let’s look at each of these in turn.
Safety-net backups
Some backups are simply a safety net created prior to a possibly risky event. If something goes wrong, you can restore your system to its pre-event status.
For example, you might back up your registry prior to installing software you don’t completely trust. Another example might be a system-image backup of your entire computer taken just before upgrading the operating system.
These types of backups are often temporary. Once the risk has passed and you’re certain you’ll never have to revert to that backup, there’s no need to keep it. You could keep it for a few moments, hours, days, or weeks, depending on what it takes to feel confident that you’ll never need it.
Regular backups
I consider regularly-scheduled backups to be the single most important way to protect yourself from data loss.
My recommendation is to automate a monthly full-image backup of your machine with intervening daily incremental backups. While I’ve made a suggestion above, the specifics — monthly and daily — are less important than having something happen automatically, with no need for you to remember and take action.
There’s no set answer as to how long you should keep these, as it really depends on your own configuration, needs, and storage capacity. You might discard backups older than a month, or perhaps a year. You might decide to keep specific snapshots for longer, “just in case”, but discard the majority.
As just one example, here’s my retention schedule for backing up the PC I use as my primary work machine. I keep:
- Daily incremental backups for a month, until the next full backup occurs.
- Monthly full-image backups for at least three months.
- The full backup images for each quarter for an additional year.
- The first full backup image of each year pretty much forever.1
As I said, that’s just an example, and my needs might well be considered extraordinary compared to yours. (I use something from my backups perhaps once a year or so. Totally worth it.)
Archive backups
I want to mention one additional type of backup that many might not be considered to be a backup at all: what I call an archive.
An archive, to me, is a collection of data intended to be kept forever, even though it’s not necessarily needed now, or needed daily. For example, those backups that I keep “pretty much forever” (mentioned above), might be considered archive copies of the long-defunct machines they represent. Similarly, the fact that I copy my photographs to cloud storage in addition to backing them up locally might also be considered archival.
The concept of archiving is truly data-dependent. There’s no need to archive your operating system updates for posterity, but your correspondence, photographs, and other more personal items might be appropriate for archival.
A rule of thumb
A good rule of thumb is to think long and hard, “Will I — or anyone — ever need anything from this backup ever again? And for how long might that need exist?”
Then keep it a while longer. 
Before answering that, we also need to look at what’s been backed up, and what the implications of “needing it again” might be.
Needing a backup
A complete system restore to a backup image resets everything on that machine to the condition it was in on the day the backup was taken.
Everything since the time that backup was made is lost.
For example, perhaps on September 1, I restore my computer to a full image backup that was taken on June 1. All changes between June 1 and September 1 (that haven’t been saved elsewhere) are lost.
As you can imagine, then, while I might very well restore to an image of a few days ago because of a system failure or other catastrophic event, I certainly won’t be restoring my system to the image taken on January 1 two years ago.
Those backups are valuable because of the files they contain. While I might never completely restore my entire machine to their contents, I can still use my back-up software to explore and restore specific files from the backups taken on those earlier dates. And because they’re image backups — backups of absolutely everything — I know that anything on the machine at that time can be recovered.
So, how long should you keep backups?
There’s no general rule I can apply that would make sense for everyone.
Clearly, the first few days are important. Things like lost files, malware, and the like are often discovered quickly, and typically you’ll need to go back only a day or two when that’s the case. Of course, a sudden and total hard disk failure makes itself known quite quickly.
The questions I’d have you consider are:
- How confident are you that you’ll discover whatever you might want from your backup within the amount of time you keep your backups?
- What would be the cost — be it money, emotion, or just time to re-create it — should you be unable to recover something because you didn’t discover you needed it before your retention period passed?
- Is there any reason you can’t just throw more disk space at it and increase the number of backups you keep?
These questions apply for any time period you might choose to keep backups, be it three days, three months, or three years. For various reasons and in various situations, the proper retention period could be any of those, or even longer.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Podcast audio
Download (right-click, Save-As) (Duration: 10:36 — 11.3MB)
Subscribe: Apple Podcasts | Android | RSS
Related Video
Footnotes & References
1: In reality, “forever” often turns out to be about five or ten years. Every so often, I go into a clean-up frenzy and delete individual backups I’m confident will never, ever be needed.
Hello, Leo. I’m a 75-year old computer newbie …not really a “newbie” at my age, but a novice computer user nonetheless. I use a system called “Registry Booster” to “clean up” my registry …. I don’t know why I need to do this, but do it anyway. I only use this laptop for emailing to my kids and friends, for my Blockbuster account, to order online crap I don’t really need, to research stuff for crossword puzzles, “streaming” music sites and for online banking purposes. So, nothing really complicated or technical involved. So my comment is …..do I really need “backups” and a registry cleaner? If I don’t need backups and they’re taking up space, how can I delete same to allow more computer space?
If your computer’s hard disk was suddenly blank and everything on it were permanently lost, would that be a problem? If so, then you definitely need backups. And as that statement implies backups should never be to the same hard disk; they should be to another hard disk. These days that’s typically an external USB drive.
11-Feb-2009
I keep around 10 days worth of System Restore points. Sometimes it is the best or only way to uninstall something that didn’t work out. An uninstaller may leave a lot of stuff behind or not work at all.
As well as System State and My Docs backups (using the standard Microsoft tools), I use Macrium Reflect to create a ghost image once a week. I don’t make that many changes, so I find that keeping My Docs, System State, and a ghost image dating back two weeks is suitable for me. I also use Puppy Linux as a back up OS, so I can retreive .pst files and anything else I might need before restoring from a source that I might have made two days ago, but is never more than two weeks old.
To me System Restore is a joke, everything I’ve heard and experienced with it has been bad, so many misconceptions about it’s actual function and what it’s really for;
ie. if you get a virus System Restore will not cure you from the infection, it’s really poorly named; I have the SR service shut off and completely disabled on all my machines;
I use the third party product from Symantec: BESR (Backup Exec System Restore) which takes full drive images or can be setup to schedule full & incremental / differential backups and from that you recover your system in it’s entirety or portions that may get damaged from disk failure file corruption etc.
For my main machine I have every backup from the very first one taken when I had the machine built. I keep my “User Files” on a separate drive away from the OS & Programs drive C: My BESR drive images only contain the OS & Programs and I have a separate backup setup for my “user files”
mainly any file that I need or am currently working on I have a minimum of two copies in different locations usually two different drives
I find I need to clear out backups more often because the 2 TB drives fill up so fast (weekly full / daily incremental). Also, I just learned a lesson – Don’t forget to look at your backups once in awhile. I thought I had set up Macrium Reflect to backup my D drive as well as C when creating an image backup, but ooops, it wasn’t backing up D for weeks, about the time I upgraded to Windows 10. Luckily, I noticed it before something bad happened.
I’ve reported here and there a few times about the time I discovered corrupted files on the external disk that holds my working files. Then I discovered I had been backing up dozens of corrupted files for several months.
I’ve been keeping backups for almost a year, limited by the capacity of my five backup disks with near-daily, weekly, and monthly layers. I think I’ll take Leo’s hint and add another disk or two for annual backups. Disks are cheaper than data.
I don’t have an off-site place to keep backups. Instead, I keep my two weekly disks in my basement, in a plastic food-storage container.
I find the typical 1TB USB disks (Western Digital and Seagate) are too “cheap”. They fail too easily.
The accounting company where I work keeps backups forever. At the start of the month, the backup drive is swapped out and taken off-site, and eventually goes to long-term storage. And yes, there have been a few times when a drive (or previously, a tape) was retrieved from long-term storage.
Several commenters have mentioned this but I think it needs to be stated explicitly. The article talks about how long you might *want* to keep several types of backups, but its the capacity of your backup media that determines how long you’ll *be able* to. Backing up to DVD or tape is a pain, but it can’t be beat for long-term retention. When you’re out of media you just go to Staples and buy more. But when you’re backing up to disk, you have to consider how many full and incremental backups the disk can hold. If your backup device holds ten times as much as the disk(s) you’re backing up, that puts an absolute limit of ten on the number of full backups you can keep. Or, depending on your change rate, a smaller number of full backups and some incrementals.
A 100 GB system which is probably less than many of the people reading this have would take about 20 DVDs at a cost of about $6.00. 10 of those backup sets will get you a 2TB external hard drive which will hold 20 backups. Less time less cost, a more stable backup, and you can reuse any of the disk space when you determine you no longer need any of those backups. I’d go for the extra drives.
Yeah, DVDs really aren’t a good choice for backups for a variety of reasons – not least of which is the fact that DVDs are going the way of the dodo (or should that be going the way of the 5.25″ floppy?). Fewer and fewer devices will ship with DVD drives and, consequently, it’ll become harder and harder to access the data on them.
I have two 2-terabyte external drives ($99 Canadian each) that I use for backups. My system is partitioned into C (OS & apps) and D (everything else). I have Macrium Reflect (free) set to do a full backup of C on the first of the month and a differential every other day. Images are stored on D. I use robocopy to mirror D: to a folder on External-1 and I periodically mirror External-1 to External-2. This gives me coverage in the event that one external fails. This has happened once in five years. Possible (likely) scenarios:
1. Windows OS gets corrupted – restore latest differential image from D:
2. D: gets corrupted or files accidentally deleted – restore files from External-1
3. System drive crashes – replace internal drive and rebuild from images on External-1
4. External-1 crashes – replace and rebuild from External-2 + D:
5. External-2 crashes – replace and rebuild from External-1
Yes, there is always a small chance I will lose a file if a problem occurs between backups but in all my years of computing this has never happened. In any case, critical personal files (medical/financial) are immediately (for all practical purposes) replicated to another local machine via BitTorrent Sync.
And don’t forget to back up your backups. You can simply copy them to another USB hard drive. I do that at least once a week.
I want to say a word about full system backups. Be sure that you are able to restore a full system backup. That may sound trivial, but I am using a fast NVMe drive for the boot drive in my Win7 system and most Win7 backup programs don’t natively support NVMe (particularly ALL those that rely on Win7 WinPE). I have found Clonezilla (freeware!!!) to be an incredibly powerful tool for doing “bare metal” backups. It backed up and restored my Win7 and MacOS systems when upgrading to a larger hard drive. And it supports USB3.0 for fast backup to USB3.0 drives.
By the way, when I upsize a hard drive, I usually end up keeping the old drive as a backup. Hard drives are pretty cheap compared to the grief with lost data, IMO.
I turned on my computer yesterday and, surprise. A new version of Win 10 had been installed. New Windows logo, and my entire desktop was gone! No warning, so I could make and image backup. Reboot didn’t help.
I use screen magnification of 125%. New Windows reset back to 100%. So, I set it back to 125% before doing anything else. Suddenly, everything was back to normal. Why?? Don’t care. I have work to do.
Perhaps this note will help someone.
If you’d been doing daily incremental backups, you would have been able to go back. Just do it.
Once again, jim, you have rattled our chains…. make backups… understood and appreciated.
Leo and team,
Always excellent advice….another factor in retention of backups is the programs being kept…. considerations about whether the programs can be reloaded under a current operating system are relevant…..if you have data (which is the important part, obviously) but can’t restore the application the backup is not worth much.
Software obsolescence is real, I agree. Fortunately in many cases having the data might still allow you to try to find a compatible, or partly compatible program to deal with it. And, I also recommend treating software installation media and downloads as archives themselves, keeping them essentially forever.
This software obsolescence issue is a good argument for hanging on to an older computer with an older version of the OS to be able to run older programs to be able to access data otherwise inaccessible by a newer machine.
And both of the previous responses make good points. In my case I was thinking about application software which is vendor-specific (Dental Office software in my case), where sometimes the current package is able to convert an old file structure (usually in a database) to the new format. This is not always possible after a while so the second comment by Mark is also very relevant. As a side issue I am not comfortable with the Microsoft Windows 10 policy of deleting, or rendering inoperative, older versions of programs (Visio and older Office installations for examples). Also some hardware, especially printers, seem to ‘get the ax’ arbitrarily…….Tom Latimer, coming up on 50 years in computing and 40 of it self-employed. Keep up the excellent work.
Microsoft doesn’t deliberately render programs obsolete. It’s just a side effect of OS evolution. As hardware becomes more powerful and capable of more things, operating systems and other software become more powerful to take advantage of the new capabilities. It’s up to the application and driver software developers to keep up with upgrades. There’s also the possibility to run the compatible OS in a virtual machine.
Hi, Leo, I fully understand your concerns and recommendations. I have instigated a regime that requires a daily (windows) backup and, before leaving the internet, I always use the ‘biscuit’ to identify all the ‘cookies’ and any other nasties that may be lurking and then run Ccleaner to get rid of any other unwanted applications. That’s the daily regime but, on a weekly basis, I also run SUPERAntispyware and Malwarebytes in order to feel that bit extra secure.
What does bother me is the length of time that ‘Windows Backup’ initially takes to complete and that’s without a System Image. Why (in Windows 10 and using a WIN 7 lookalike) does it take so long to do a back-up (without a System Image)? Help required – what might I be doing wrong?
I’d have to know exactly how you have it configured, or the steps you take to initiate the backup. Honestly, I’m not a fan of Windows own built-in backup, and neither is Microsoft since they’ve announced it’s being removed some day. I much prefer EaseUS Todo or Macrium Reflect as alternatives.
What can we use to image a Mac drive? Time Machine is backing up to an external drive, but I’d like to have periodic snapshot images, too.
I tend to rely on Time Machine, myself, and don’t have a recommendation for something else, I’m afraid. Perhaps Gary out at https://macmost.com does.
Hi Leo,
The older I get, the more I struggle with memory (my own, not the RAM type) and comprehension. So I have a lot of fun trying to stay backed-up using Macrium Reflect, V-7, which I started using some time ago on your recommendation. A big problem I have with it is that my scheduled backups often fail because of something to to with the time and Windows Task Scheduler. Lots of users have that problem according to my research, but that’s a separate issue from what I want to ask you.
You described your backup/backup retention routine as:
Daily incremental backups for a month, until the next full backup occurs.
Monthly full-image backups for at least three months.
The full backup images for each quarter for an additional year.
The first full backup image of each year pretty much forever.
Now, using that scenario, suppose we draw a timeline and label the first point Jan 1 at which time we do a full backup. Move forward 31 days and label the second point Feb 1, at which time we do a second full backup. On to point 3, Mar 1st, at which time we do the third full backup. In between those full backup points are minor divisions for the days of the months. Now assume we are at March 7th, and we discover that we have a virus infection that can only be remedied by restoring from a backup. And suppose we find that the infection occurred on Jan 14th. I’m not sure what incrementals we have remaining (from your scenario) since (apparently all prior to the Mar 1st full backup were removed at the time of that full backup, but I’m fairly certain – from your description – we would not have any Jan incrementals. Does that mean we would have to go all the way back to the Jan 1 full backup to restore from? So should we not keep 90 or so incrementals?
Thanks,
Steve
Yep, in that scenario you’d have to go back to Jan 1 using the method I described.
Here’s the problem, though … the date you picked (“suppose we find that the infection occurred on Jan 14th”) is completely arbitrary. What if it were December 15 of the preceding year? or October 15? You can work your way into needing every possible daily incremental backup forever if play that “what if” game.
The idea is to pick a timeframe you’re comfortable with — be it 30 days, 90 days or whatever — and structure your plan to be able to restore safely within that timeframe.
I will say that finding in March that you were infected in January is extremely unlikely. Most infections become apparent within days, not months. And short of preparing for every possible scenario (i.e. saving every backup forever) the pragmatic approach is to prepare for the most common.
Thank you.
That’s where a data backup in addition to system & incremental backups comes in. If you have to roll back to a January 1 backup in March, you may lose your updates and new programs but those can all be reinstalled from their installation media. A data backup should preserve your personal files indefinitely.
Thank you.
The dilemma I run into, is that I have some material that I want to save forever, but I’ve removed it from active use on my computer. So as I do regular backups, after that material is removed, that material isn’t captured. So part of my fear in deleting old backups, is deleting all material that I had removed for further use. For example, I put most everything on Dropbox, which has a space limit. My pcloud backs up Dropbox every month. but I have some things from 10 years ago that were in Dropbox, that are not in Dropbox anymore because I’m not actively using them (e.g. paperwork from a house I bought and sold years ago). I’ve written a routine in Excel that can look at files in different directories and tell me what’s not duplicated, but it ends up being more work. So I have to schedule time every couple months to look through backups. I wish there was a better way.
After writing this post yesterday, I found a way to resolve my problem. I went into my master Dropbox back up on my pCloud, created a new directory in pcloud called “Removed from Dropbox.” Then I moved things over that I no longer keep in Dropbox. Then I confirmed that nothing in my master Dropbox isn’t in my current Dropbox account that I back up to every month. So then I deleted the master Dropbox, as my monthly backup of Dropbox will capture everything, and my old files are captured on the “Removed from Dropbox” directory, which is then also backed up to an external hard drive regulatory. This will not save me a lot of time
Instead of deleting those files, you can archive them. Move them to an external drive, and of course, back up your archive as that also can be damaged.