FDIC Issues Alert re Sensitive Data on Fax Machines

If you are like my organization, you have clear policies on how to destroy your PC and server hard drives after they have run their useful lives. But have you thought about the implications of sensitive data stored on fax machines, photocopiers and printers?

Last week, the FDIC (Federal Deposit Insurance Corporation) issued guidance on mitigating risks posed by information stored on fax machines, photocopiers and printers. Financial institutions regularly use these machines to process financial transactions, loan documents and other business information. These documents often contain confidential customer information.

The FDIC is concerned that when these devices are disposed of, confidential data may be compromised if the devices' hard drives and flash memories are not destroyed, encrypted or erased. It recommends that financial institutions be aware of the risks posed by these devices and implement appropriate processes and procedures to mitigate data loss at the time the machines are disposed of.

One way financial institutions can eliminate this risk is to replace their fax machines with a fax server. Fax servers can do far more than just replace fax machines. Not only do they provide an audit trail of what has been sent and received, they can integrate with MFPs and be leveraged by back-end business applications. Users can send and receive faxes from their email inbox, and faxes can be routed as part of a workflow (business process).

Using a fax server eliminates the need for fax machines, along with their associated security risks. Of course, with a fax server one still needs an appropriate data retention and destruction policy for the server's hard drive, but the risk is reduced from many fax machines to a single server.

Replacing a company’s fax machines with a fax server has been proven to reduce costs and eliminate paper waste. According to Gartner, a world-leading information technology research and advisory company, businesses can reduce faxing costs by as much as 50% by using a fax server rather than stand-alone fax machines.

In several recent publications, Gartner has made it clear that an outsourced fax service option may not be appropriate for organizations whose fax traffic contains sensitive or confidential data such as medical records, financial information or personal details.

Healthcare organizations and other businesses that process sensitive customer data on fax machines can also benefit from the FDIC guidance. You can read the full FDIC guidance on mitigating risks posed by information stored on fax machines, photocopiers and printers at http://www.fdic.gov/news/news/financial/2010/fil10056.pdf.

As the makers of Open Text Fax Server, RightFax Edition, the world’s leading fax server that is used by hundreds of financial institutions around the world, we are proud of our customers’ accomplishments with our fax server technology. If you are interested in learning more about RightFax, please visit http://faxsolutions.opentext.com/ and http://www.futureoffax.com/.

If you have not guessed, I love faxing and secure document communication. You can contact me at mbrine[at]opentext.com and you can follow me on my Twitter business account at www.twitter.com/mattbrine.

Matthew Brine
Vice President
Fax and Document Distribution Group
Open Text Corporation

One Response to “FDIC Issues Alert re Sensitive Data on Fax Machines”

  1. In addition to the above, Jaap-Jan Pepping wrote to me with this link (http://bit.ly/c5c06T) to a story by CBS regarding security of data on photocopiers and MFPs.

    Matthew