We normally would direct these types of inquiries toward our online or telephone banking systems. When we need to send the data out by other means we use faxes, online banking messages, or an encrypted email service. The encrypted email service (run by our firewall provider) is really just a secure website. When an employee sends a secure email the customer receives a message asking them to setup a password for their email address on the site. Then when they receive future messages saying they have an encrypted email, they just log in to the secure site with the password they setup. We haven't had an customer complaints about the system since we started using it.
On the security of faxes vs. email... While its true that most faxes aren't encrypted, they do provide some security by the means they are transmitted. Someone would have to tap a fax receiver into that specific line in order to intercept it. As for faxes being picked up off the machine by someone other than the person intended - that is the recipient's responsibility to have proper fax machine security practices on their end. Emails can have a similar risk if the recipient leaves their email client logged in (but not locked) when they are away from their desk (or phone, laptop, etc.) Where the biggest danger lies is in the fact that unencrypted emails are like the postcards of the internet. Anyone with access to the dozens of machines between you and your recipient can read the message. It could be an ISP employee, government agency, or hackers. It's a risk you shouldn't take with a customer's non-public information.