General Considerations

  • Since faxing is not an especially secure method of sharing information, senders should consider using more secure ways of transmitting or sharing Personal or Special Personal Information wherever feasible.
  • Any fax machine used to send or receive Personal or Special Personal Information should be located in a place that prevents unauthorised persons from seeing the information. Access to the machine should be controlled.
  • If using pre-programmed fax numbers, regular monitoring should be done to ensure the fax numbers are accurate and up to date.
  • If regularly faxing Personal or Special Personal Information, the sender should consider using secure fax machines that employ encryption or other security measures. For example, if the fax machine has a feature that requires the recipient to enter a password before the recipient’s machine will print the fax, the sender should enable that feature.
  • If computers or Mobile Devices are used for sending, receiving or storing faxes:
    • the sender should create appropriate computer directories and passwords, so that faxes can only be sent, received and accessed by designated Users, using secret passwords;
    • before faxing Personal or Special Personal Information by computer modem, the sender should check that the recipient’s computer is protected in the same way.

Before Faxing Information

Before faxing Personal or Special Personal Information, the sender should consider contacting the intended recipient by phone or email to:

  • confirm the recipient’s fax number;
  • confirm that the recipient is actually the right person to receive the fax;
  • confirm that the recipient will be there to receive the fax;
  • confirm that the recipient will take appropriate precautions to protect the information upon receipt; and
  • ask the recipient to call to confirm receipt of the fax.

When Faxing Information

  • When faxing Personal or Special Personal Information, the sender should stay by the machine at all times during faxing.
  • The sender should retrieve faxed material from the fax machine, not leave it sitting on or near the fax machine.
  • Senders should always use a fax cover sheet containing the following information:
    • the sender’s identification (with call-back particulars);
    • the intended recipient;
    • the total number of pages being sent;
    • confidentiality clause saying that the faxed material is confidential, is intended only for the stated recipient, and is not to be disclosed to or used by anyone else; and
    • request for anyone who receives the fax in error to immediately notify the sender and then return or
      securely destroy the information, as the sender requests.

After Faxing Information

  • After faxing the information, the sender should review each fax confirmation report at once to be sure the fax went to the right place, checking the number on the report against the recipient’s number and verifying the number of pages that were actually transmitted and received.
  • If Personal or Special Personal Information is mistakenly faxed to the wrong person, or is otherwise compromised through faxing, and the information cannot be recalled, then the sender must report this to the Administrative Head, who will then initiate an investigation and report the incident in compliance with the POPI Act.
  • After faxing information, the sender should securely destroy any copies that are no longer needed.

Related Documents

  • Form PMP030_Guidelines for Use of Faxes by Employees
  • Form PMP032_Fax Cover Letter, Confidentiality Notice and Disclaimer