Faxing Medium, High or Very High Risk Information

Information Security Guideline

1. Introduction

  • 1.1 UBC information that is sent or received via fax is at risk of being intercepted and copied by unauthorized parties. Users have a responsibility to protect this information, especially when it is Medium, High or Very High Risk Information.
  • 1.2 This guideline has been issued by the Chief Information Officer to supplement the Transmission and Sharing of UBC Electronic Information standard. Compliance with this guideline is recommended, but not mandatory. Questions about this guideline may be referred to information.security@ubc.ca.

2. General Considerations

  • 2.1 Since faxing is not an especially secure method of sharing information, senders should consider using more secure ways of transmitting or sharing Medium, High or Very High Risk Information wherever feasible.
  • 2.2 Any fax machine used to send or receive Medium, High or Very High Risk Information should be located in a place that prevents unauthorized persons from seeing the information. Access to the machine should be controlled.
  • 2.3 If using pre-programmed fax numbers, regular monitoring should be done to ensure the fax numbers are accurate and up to date.
  • 2.4 If regularly faxing Medium, High or Very High Risk Information, the sender should consider using secure fax machines that employ encryption or other security measures. For example, if the fax machine has a feature that requires the recipient to enter a password before the recipient’s machine will print the fax, the send`er should enable that feature.
  • 2.5 If computers or Mobile Devices are used for sending, receiving or storing faxes:
    • 2.5.1 the sender should create appropriate computer directories and passwords, so that faxes can only be sent, received and accessed by designated Users, using secret passwords;
    • 2.5.2 before faxing Medium, High or Very High Risk Information by computer modem, the sender should check that the recipient’s computer is protected in the same way; and
    • 2.5.3 if faxing High or Very High Risk Information then the computer or Mobile Device must be compliant with the Encryption Requirements standard.

3. Before Faxing Information

  • 3.1 Before faxing Medium, High or Very High Risk Information, the sender should consider contacting the intended recipient by phone or email to:
    • 3.1.1 confirm the recipient’s fax number;
    • 3.1.2 confirm that the recipient is actually the right person to receive the fax;
    • 3.1.3 confirm that the recipient will be there to receive the fax;
    • 3.1.4 confirm that the recipient will take appropriate precautions to protect the information upon receipt; and
    • 3.1.5 ask the recipient to call to confirm receipt of the fax.

4. When Faxing Information

  • 4.1 When faxing Medium, High or Very High Risk Information, the sender should stay by the machine at all times during faxing. The sender should retrieve faxed material from the fax machine, not leave it sitting on or near the fax machine.
  • 4.2 Senders should always use a fax cover sheet containing the following information:
    • 4.2.1 the sender’s identification (with call-back particulars);
    • 4.2.2 the intended recipient;
    • 4.2.3 the total number of pages being sent;
    • 4.2.4 a confidentiality clause saying that the faxed material is confidential, is intended only for the stated recipient, and is not to be disclosed to or used by anyone else; and
    • 4.2.5 a request for anyone who receives the fax in error to immediately notify the sender and then return or securely destroy the information, as the sender requests.

5. After Faxing Information

  • 5.1 After faxing the information, the sender should review each fax confirmation report at once to be sure the fax went to the right place, checking the number on the report against the recipient’s number and verifying the number of pages that were actually transmitted and received.
  • 5.2 If Medium, High or Very High Risk Information is mistakenly faxed to the wrong person, or is otherwise compromised through faxing, and the information cannot be recalled, then the sender must report this to the Administrative Head of Unit, who will then initiate an investigation and report the incident in compliance with the Reporting Cybersecurity Incidents standard.
  • 5.3 After faxing information, the sender should securely destroy any copies that are no longer needed.

Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems

Transmission and Sharing of UBC Electronic Information standard

Guideline Last Revised: 2021-02

Page last updated on January 26, 2026

Office of the CIO

6356 Agricultural Road
Vancouver, BC Canada
V6T 1Z2
604 822 3634
E-mail ubc.cio@ubc.ca

Related Sites

Need Help?

Urgent Message An exclamation mark in a speech bubble. Bluesky The logo for the Bluesky social media service. Bookmark A bookmark in a book. Browser A web browser window. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Time A clock. Chats Two speech clouds. E-commerce Cart A shopping cart. Facebook The logo for the Facebook social media service. Help A question mark in a circle. Home A house in silhouette. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Locked A locked padlock. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Pencil A pencil indicating that this is editable. Telephone An antique telephone. Play A media play button. Plus A plus symbol indicating more or the ability to add. Print A printer pushing out a piece of paper. Search A magnifying glass. Settings A single gear. Arrow indicating share action A directional arrow. Speech Bubble A speech bubble. Star An outline of a star. Twitter / X The logo for the X (aka, Twitter) social media service. User A silhouette of a person. Vimeo The logo for the Vimeo video sharing service. Youtube The logo for the YouTube video sharing service.