Fax vs. E-mail – Weighing the Fax!
Over the summer, some of us at the IPC were discussing the merits of fax and e-mail and how well these technologies protect privacy. So I wrote the original version of this blog to weigh in on which “technology” has better safeguards: e-mail or fax. We’ve heard that this has generated a lot of discussion. New resources have been created since then. So we thought we would update this blog.
WTF: Why the Fax?
I thought I would start out by mentioning that fax technology was actually developed in 1842. That is 30 years before the telephone was invented. So I asked myself why this almost ancient technology has survived this long. Why do we keep a dedicated phone line, annoying curly paper and the spine tingling, screechy modem noise in our work life? The Internet tells me that faxing is still the preferred way to send an authentic signature and that is why we keep it around. Also, a fax gives a confirmation when it has been received by the recipient.
However, in almost 175 years, you would hope that technology would produce something better than fax. Wait! It did! E-mail. Nowadays, we can add attachments to e-mail with a click of a button. No physical paper is even required. It is also quick and easy to scan already printed documents in to .PDF form and attach to an e-mail as well. This often produces higher quality scans. Here at the IPC, we are paperless and we avoid printing as much as possible. Our printer scans our documents in no time.
The Same Inherent Risks
Our office is not so concerned about the inconvenience and environmental impact of faxing; but we are concerned about the privacy implications.
The truth is e-mail and faxing have the same risks. It is just as easy to punch in an incorrect fax number as it is to type in an incorrect e-mail address. Also, the fax number and e-mail address have the same chance of being out of date.
Further, the electronic signals of fax can also be intercepted as easily as e-mail can be hacked. Faxpionage! Another blogger wrote:
While computers can be hacked and subjected to malware, fax machines have glaring problems of their own. Modern fax machines are computers in their own right, as they store images of every document they’ve ever sent, received or scanned. Unlike your personal computer, however, most machines don’t run security and anti-malware software that can protect against intrusion. (http://blog.rightsignature.com/2015/11/why-fax-isnt-secure-enough-esignatures.html)
Yet, with all the e-mails and faxes sent by government institutions, local authorities and trustees each day in our province, our office has performed more privacy breach investigations with respect to faxes than e-mail. And some of those fax investigations have affected many individuals. None of these breaches involve a hacking or intentional interception aspect.
So why has our office dealt with more privacy breaches involving fax? One reason could be that it’s easier to apply safeguards to email than to fax.
E-mail has Better Safeguards
- Specified recipients: In most cases, an e-mail is sent to the specific e-mail account of an individual with a need-to-know. This e-mail account is password protected. With e-mail, there is no middle man. In the case of fax, an office usually has one fax machine in a communal location. Any passerby can read a fax that comes in. Usually an administrative professional, who may not have a need-to-know, is tasked with delivering the faxes to the appropriate person.
- No need for a fax cover sheet: All the information that best practices requires on a fax cover sheet is automatically added to the e-mail.
- Eliminates problems when there is no fax cover sheet: When a fax is received without a fax cover sheet, it can cause several problems. First, personal information and personal health information is exposed when lying on the fax machine. Second, it can be difficult to determine who the intended recipient is. A few individuals may have to be consulted before finding the person with a need-to-know. Finally, if it is received in error, it can be difficult to determine who to notify that the fax was misdirected. Cover sheet information is automatically built in to an e-mail.
- It is more likely a fax number will be reassigned: According to SaskTel, fax and phone numbers get reassigned quickly. If a preprogrammed fax number becomes out-of-date, faxes will likely be sent to the new holder of the number. This is not the case with e-mail and the sender gets a notification if the account is no longer active.
- Passwords for attachments: Another strong argument for e-mail over fax is the ability to require passwords on attachments. That way, if an e-mail is misdirected, the unintended recipient will have an extra barrier before accessing the information in the attachments. This works best if personal information and personal health information can be kept out of the text of the e-mail and limited to the attachments. Be sure to let the recipient know the password in a method other than email (such as by telephone). That way, if the email and its attachments are intercepted, the password won’t also be intercepted.
No matter what method you use, be safe!
It’s still ok to use fax to transmit personal information or personal health information so long as you are following best practices and have safeguards in place. See our resource Faxing Personal Information and Personal Health Information: Safeguards and Responding to a Breach for guidance.
But wait! It is equally as important to follow best practices when using e-mail as well. See this resource from the Office of the Information and Privacy Commissioner of British Columbia for best practices. Also, the Office of the Information and Privacy Commissioner of Ontario recently prepared this fact sheet about communicating personal health information by e-mail.