A lot of awareness, although not always successfully implemented, has been raised regarding the use of emails at work (privacy, defamation etc.), but for some obscure reason, the same can’t be said for faxes sent.
Although a majority of emails sent by organisations contain disclaimers or legal notices, one has to look wide and far to find any similar notices on faxes.
In a recent report by the UK's Commissioner’s Office, information from data breaches received, coupled with audit findings, highlighted the fact that a failure to encrypt personal information in appropriate circumstances, remains a top data protection concern.
With the eminent promulgation of POPI legislation in South Africa, organisations will be well advised to familiarise themselves with POPI guidance on using faxes.
Below are some useful recommendations*:
1. Consider whether sending the information by a means other than fax is more appropriate, such as using a courier service or secure email. Make sure you only send the information that is required. For example, if an attorney asks you to forward a statement, send only the statement specifically asked for, not all statements available on the file.
2. Make sure you double check the fax number you are using. It is best to dial from a directory of previously verified numbers.
3. Check that you are sending a fax to a recipient with adequate security measures in place. For example, your fax should not be left uncollected in an open plan office.
4. If the fax is sensitive, ask the recipient to confirm that they are at the fax machine, they are ready to receive the document, and there is sufficient paper in the machine.
5. Ring up or email to make sure the whole document has been received safely.
6. Use a cover sheet. This will let anyone know who the information is for and whether it is confidential or sensitive, without them having to look at the contents.
* Recommendations supplied by the ICO UK