Fax to email technology puts companies at risk

Stricter controls over the use and abuse of our personal data could hammer companies that share information via the popular fax to email technology.

March 11, 2010

Stricter controls over the use and abuse of our personal data could hammer companies that share information via the popular fax to email technology.

The service has caught on because it’s a fast and efficient way to transmit data without having to walk to a fax machine. And because the email goes directly to a recipient’s in-box, the sender is confident the document is not languishing in a pile of unread faxes.

But there is a growing concern that the technology is less secure than it initially appeared, and companies could fall foul of tougher data protection rules, warns Craig Freer, MD of faxing experts Vox Amvia.

“Regulatory requirements such as the Protection of Personal Information Bill, Basel II and King III put the onus on companies to guarantee the integrity of information and data, and the authorities are going to come down hard on companies that don’t comply,” he says. “One of the biggest concerns is fax to email because it takes private data like bond applications and credit applications and puts it in an environment that is fundamentally not secure. So a bank using fax to email is putting confidential information at risk.”

Fax has traditionally been a secure delivery method because it is point-to-point, and because an audit trail shows where and when it was sent from, when it was received, and whether anyone tried to tamper with the content.

Most fax to email systems divert the outgoing document to a third party service provider that operates a fax to email server. The service provider wraps the document in an email and forwards it to the recipient. Yet neither the customer nor the recipient has any control over the data as it travels, putting themselves at risk. Fax to email can also be altered for fraudulent purposes.

That is a clear breach of legal requirements to prevent unauthorised access to private data and to document its history of access and usage. “Fax to email is a regulatory concern because companies don’t have any audit trail to see if the information has been interfered with,” says Freer.

The solution is to have the fax to email capability on the customer’s premises so no third parties are involved. Companies should also make sure employees do not sign up for a free, private fax to email service and use it for corporate data.

Price has been a drawback, however, since Telkom will only allow a company to run up to 300 direct inward dial numbers on their PRI line at a cost of about R35 a month per user. That makes it financially prohibitive to give each employee their own fax number.

Through Vox Amvia’s Xtenda solution companies have access to an affordable offering that allows them to be legally compliant. Xtenda allows any customer using the popular RightFax fax server software from Vox Telecom to route up to 15,000 fax numbers on a single PRI into their existing infrastructure. So they can afford to bring fax to email systems in-house and ditch risky third-party versions.

“Good corporate governance requires you to have the server on site, but it’s been expensive,” Freer says. “We can route 15,000 numbers onto a PRI with Xtenda compared to the previous 300. So the server sits inside the company and has enough numbers without a capacity upgrade. Xtenda allows companies to roll out fax to email to the whole organisation and meet compliancy requirements for zero extra cost.”

Rightfax users can experience all the benefits of free fax to email, whilst still ensuring they do not breach regulatory requirements.