eFax Blog

5 Ways Your Faxing Might Not Comply with Privacy Laws (and What to Do About it)


If your organization continues to require faxing capability, and your IT team is still supporting that need with desktop fax machines, in-house fax servers and analog fax lines, I have some bad news, some good news, and some more bad news. Which would you like first?

Let’s get some of the bad news out of the way.

The bad news is, if your company uses fax today, the need for fax capability is probably here to stay for a while. When IDC surveyed hundreds of organizations across several key industries — including healthcare, manufacturing and financial services — they found that all of these industries were experiencing an increase in fax usage year over year.


When they asked these businesses why this was so, why they were still supporting a legacy communication protocol and even using it more frequently year over year, the most common response the researchers received was that “Customers and suppliers use it, which forces us to use it.”

Which means whatever troubles you and your IT team have propping up your in-house fax infrastructure — fax machine paper jams, crashed fax-server hard drives, etc. — aren’t going away anytime soon.


The Good News: An Unencrypted Analog Fax Might Be More Difficult to Hack Than an Unencrypted Email

The good news, however, is that although maintaining your legacy fax infrastructure might be costly and time-consuming, in one way it can give your company a security advantage over sending the same confidential or proprietary data as an unencrypted email.

Indeed, because the typical analog fax traverses the Public Switched Telephone Network, it is still difficult to hack while in transit, even though it is not encrypted. Whereas an email is sent as plain text — easily intercepted and read or altered if it’s traveling over the Internet without the benefit of encryption — a standard fax is transmitted essentially as a voice call, and a hacker would need some sophisticated fax-decoding technology to grab the data in transit. And to do that they would need physical access to a secure telephone company central office, or direct access to the right pair of copper phone wires leaving your office.

So if you and your IT team are still maintaining an infrastructure of old fax hardware connected to legacy phone lines, that’s your one bit of good news: It’s almost certainly more secure, and as a result probably more likely to comply with your industry’s data-privacy regulations, than unencrypted email, which should never be used to transmit information about your customers.


The Bad News: There Are Plenty of Ways Your Company’s Fax Processes Might Be Violating Data Privacy Law Right Now

But here’s a lot of other bad news — and it’s serious. If your team is continuing to prop up aging in-house fax hardware like fax machines, fax-enabled multifunction printers and onsite fax servers, your staff could be unknowingly violating your industry’s data privacy laws — HIPAA, GLBA, SOX, FERPA, etc. — every day.

Here are five possible ways your company could be in noncompliance without even knowing it.

1.  Your staff leaves paper faxes containing personal customer data in public areas

This is probably the easiest way to land on the wrong side of any of the major federal laws protecting customers’ personally identifiable information (PII).

No matter how secure your fax transmissions are, if an inbound or outbound fax containing PII sits unattended on a fax machine in your office, particularly if the fax machine is located in a common area where other employees or even visitors might see it, this could be deemed a compliance violation.

Because all of these privacy laws — HIPAA, SOX, etc. and their state-level equivalents — demand that businesses that handle PII maintain a tight chain of custody on this data at all times, you have to assume that if federal (or state) auditors were to visit your organization and ask to review how you transmit PII via fax, they would probably view this part of your process as a red flag.

2.  Your fax records retention processes fall short of compliance.

The major data privacy laws all have requirements for retaining records that contain PII — for example, that such records be maintained for some number of years, that they are stored securely at all times, and that they’re accessible if regulatory auditors ask to review them.

One of the problems with using paper-based faxing to send and receive PII data is that this type of faxing is largely a de-centralized process that the organization’s IT team or other administrators can’t fully track or document.

If someone in one of your company’s offices receives a fax containing personal data about your customers — in other words, a fax regulated under your industry’s privacy laws — what’s your IT team’s process for ensuring you receive a copy of that fax and any relevant metadata about the transaction, so you can log it and secure it for record-keeping purposes? How would you even know that the transmission took place?


3.  The hard drives of your fax machines and multifunction printers contain records of transmitted PII — another reason these devices are a security weakness.

Many organizations miss this faxing compliance vulnerability, so take note of it now. The desktop fax machines and multifunction printers your employees use to send and receive faxes actually store records of those faxes on their hard drives — and these records stay there until they are written over by new fax data.

This means that if your staff is transmitting PII data through your fax hardware, the drives of that hardware become a weakness in your data security process. To bring the devices up to compliance levels, you would need to secure their hard drives, implement a process for frequently wiping the data from them, or find some other way to tighten up this weak link in your regulated data’s chain of custody.

And if you’re thinking this sort of oversight would never come to the attention of federal regulators, consider this news item reported in the healthcare publication 4MedApproved: HIPAA auditors fined one health provider $1.2 million for returning leased copy machines that still had patient records on their hard drives.

It can happen. You’ve been warned.


4.  Purging your fax servers’ hard drives creates another compliance vulnerability.

Let’s assume the in-house fax servers your IT team manages have secured hard drives. (If they don’t, the drives themselves are another security and compliance weakness in your fax infrastructure.)

Even though the digital copies of your faxes, which are stored as image files, can be considered secure as long as they’re on the fax servers’ hard drives, eventually these drives reach capacity and have to be purged to make room for the records of new fax transmissions.

Often in these situations, someone in the organization will be tasked with printing out the contents of the drive so the archived faxes can be filed away for auditing and record-keeping purposes.

But here again, we have a chain-of-custody issue for any of those faxes that contain PII or other regulated data. Someone not authorized to view this personal customer information could walk by and see it. Someone might mistakenly leave these pages in an open and accessible area of the office.

Unless you have implemented a secure method of purging, printing, scanning and filing all fax records from your servers — a process that includes a tight chain of custody around both the digital and hardcopy versions of the records your company is purging — you should assume this part of your fax infrastructure also fails to meet data privacy compliance.

5.  Your company lacks a documented process for securing faxed PII — which itself is probably a compliance violation.

Finally, it’s important to understand that one thing all major data privacy laws — HIPAA, GLBA, SOX, FERPA, etc. — have in common is a requirement that regulated businesses develop and maintain a documented process detailing how they secure and safeguard the personal customer data under their care.

As a company in a regulated industry, you are obligated not only to secure your customers’ personal information — you’re also obligated to document how you do it, and to have that documentation handy if compliance auditors ask to review it.

And although your business may well have this documentation detailing how you protect PII on your servers, in your email network and through your cloud service providers, I’m guessing you haven’t yet documented a step-by-step description of how your team fortifies your faxing processes or secures your archived fax data after you’ve sent or received it.

For these and other reasons, your existing fax infrastructure likely falls short of compliance in at least a few ways. And unfortunately, if you maintain these legacy fax processes, you will find it difficult to bring the entire process up to your regulator’s standards.


Bring All of Your Fax Processes Up to Compliance — Migrate to a Cloud Fax Partner Like eFax Corporate

But you can solve all of the compliance issues I’ve discussed here by making one simple migration — to a fully hosted cloud fax service like eFax Corporate.

For two decades, our enterprise-caliber service has been helping businesses in the most highly regulated industries receive, send and securely store their sensitive fax data. And today we are the cloud fax solution trusted by more regulated organizations — in healthcare, financial services, the law, real estate, manufacturing and government services — than any other provider.

With a cloud fax platform designed to meet the data transmission and storage needs of highly regulated businesses like yours, eFax Corporate knows how to deploy a custom solution that meets your firm’s needs for robust faxing capability, that helps bring your processes in line with regulators, that protects your fax data with the most advanced security available, and that will even lower your overall fax costs.  Cloud-based faxes are encrypted in transit and while in storage.  Every fax has a detailed audit trail, and can be stored on off-site secure cloud servers, for as long as your document retention policies allow.  
