We've got a regularly updated database in MySQL that contains sensitve data (somewhat de-personalized medical data that is being statistically analyzed). The database lives on a secure server in a locked server room. I'm confident the Sys Admin has properly and thoroughly limited access via internet (data may only be posted) and intranet. The challenge now is backing up this data securely.
Our sys admin has recommended an external hard drive hanging off my system in my locked office. This would provide us with physical isolation from the server room and relative physical security of the backup device. The question then becomes how to further secure the external HD - I guess there are devices which have built in user access control, and we could also just get a common device and load some sort of access control or encrypting software.
This doesn't have to keep out the NSA, or even really good hackers (none of whom would likely care about this stuff anyway). We just need to demonstrate to the people allowing us access to this data that we are taking every reasonable precaution to protect their data and that their trust in us is justified..
Btw, this being an academic project, the budget is limited to certainly no more than $500 for a solution - probably $300 would fly well.