For HR Administrators
While fax machines are not as ubiquitous as they once were, several units still use faxes to communicate information at UBC. Here are some privacy and security tips on using faxes in the workplace.
- A good rule of thumb is that you should only fax or email personal information that you would feel comfortable discussing over the telephone if it were your own personal information. You should not fax or email sensitive personal information such as health information or financial information unless it is absolutely necessary to send it at once, and faxing or emailing is the only timely way to do so.
- Any fax machine used to send or receive personal information should be located in a place that prevents unauthorized persons from seeing faxed personal information. Access to the machine should be controlled.
- Always use a fax cover sheet. The cover sheet should clearly identify the sender (with call-back particulars for the sender) and the intended recipient. It should specify the total number of pages being sent. The cover sheet should also contain a confidentiality clause saying that the faxed material is confidential, is intended only for the stated recipient, and is not to be disclosed to or used by anyone else. The confidentiality clause should ask anyone who receives the fax in error to immediately notify the sender and then return or securely destroy the personal information, as the sender requests.
- Before you fax personal information, confirm that its recipient has taken appropriate precautions to protect the personal information upon receipt.
- If you use pre-programmed fax numbers, regularly check to ensure that the fax numbers are accurate and up to date.
- You should check each fax confirmation report at once to be sure the fax went to the right place––check the number on the report against the recipient’s number. Also check the number of pages actually transmitted and received.
- Retrieve material you are sending by fax from the fax machine as soon as it has been processed for sending. Don’t leave it sitting on or near the fax machine. When you’re faxing sensitive personal information, stay by the machine during faxing.
- If you must fax or email sensitive personal information such as health information or financial information, consider phoning first to confirm that the intended recipient is actually the right person to receive the fax to confirm, that the recipient will be there to receive the fax, and to confirm the recipient’s fax number. Ask the intended recipient to call to confirm receipt of the fax.
- If your fax machine has a feature that requires the recipient to enter a password before the recipient’s machine will print the fax, use that feature for sensitive personal information. Similarly, the recipient could arrange for the sender to make sure the recipient must supply a password to retrieve faxes of personal information.
- Do not make or keep more copies of faxed or emailed material than you truly need. Securely destroy extra copies.
Please note: Fax machines are like mini computers, they can store huge amounts of data. Depending on your configuration, there is a possibility someone could print out the last few faxes.
To learn more about information security at UBC, please visit http://it.ubc.ca/services/security/ubc-information-security-office.