Hello,
As you go about protecting confidential information there are numerous security controls from a wide variety of standards bodies and government agencies. As digital faxing (system or service) continues to grow, where are you finding guidance on how to protect your data? Do you treat it like the traditional analog fax or do you classify it as another form of email?
After much searching and asking peers around the country the guidance falls into those two categories. I finally wrote to the IRS and asked them about this. They gave me a very detailed answer and referenced the appropriate sections of Pub 1075. The bottom line is that they see it as an email system. Since we currently don't allow by policy the sending of any FTI by email, and PII only by encrypted email, we are expanding our policy to include digital fax. FYI, I use the term "digital fax", but the IRS calls it e-Fax. However, e-Fax is a commercial product so I'm using a more generic term.
What do you think about using this "new" technology and how would you protect your data?