Like most industries in the U.S., online fax services are largely regulated by the government. In particular, the Federal Communications Commission (FCC) has the ability to levy strict fines and penalties for unsolicited "junk faxes." In 2005, the Junk Fax Prevention Act was signed into law by President George W. Bush to end the proliferation of unsolicited junk faxes.
Under that law, penalties start at $500 for each page sent without following the government's strict guidelines. Only if they meet the following criteria are junk faxes legal to send:
- You receive the recipient's number as part of a contract or application.
- You find the contact information on an advertisement or directory, assuming it does not state that the contact won't accept unsolicited faxes.
- You have ensured that the person you're faxing agreed to have their information listed on the directory or advertisement.
In the event that you are legally able to send an unsolicited fax, the legislation requires you to give your recipients a way to opt out of future faxes. The notice must include your contact information on the first page of any documents you send, and you must reply within 30 days of receiving an opt-out request. Fax laws vary by location, so make sure you understand the laws in your area before you start sending faxes.
Other major regulations surrounding the internet have a potential impact on online faxing, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA).
Having gone into effect at the start of the year, CCPA has been billed by government officials as California's version of GDPR. While both regulations focus on consumer data rights, companies would be remiss to imagine their compliance with the EU's law automatically puts them in compliance with CCPA. For instance, the latter regulation doesn't apply to companies that refrain from doing business in California. Given that online fax solutions operate over the internet, which has no inherent borders, companies will likely have to decide between restricting California fax numbers or being forced to change how customer data is protected, stored and deleted.
While all these regulations are something to consider when seeking out an online fax provider, companies that operate outside of the U.S. may not have to abide by the Junk Fax Prevention Act or CCPA. Thanks to the universal nature of the internet, however, they may still have to adhere to the GDPR if their fax senders or recipients fall under its jurisdiction.
Data Security Warning
June 2020: One of the major selling points for online fax services may be in jeopardy, as a recent report from Gizmodo revealed some major security issues with the technology. The tech site says it located and identified "three separate commercial cloud storage servers" containing scores of faxes that included private information.
Among the documents Gizmodo found were sensitive items like "insurance claims, invoices, government forms, family photos, checks, prescription information, bank account details, and Social Security numbers." In many cases, those documents could be downloaded by anyone "for years."
The main issue here is the use of Amazon's Simple Storage Service (S3), which many companies use to store files. This stems from developers who make S3 file buckets public for testing but fail to switch them over to private, leaving sensitive data exposed.
Though Gizmodo refrains from naming specific online fax services, prospective users of the technology should read the report and make up their own minds. With files dating as far back as 2013, this lack of data security is something everyone should think about before signing up for an online fax service.