Many humanitarian organizations in the United States work with the information of undocumented migrants to help them secure services that might otherwise be unattainable to them. Information and communication technologies can help their work, but can also significantly exacerbate the risks that undocumented individuals are facing, and expose them to security breakages, leaks, hacks, inadvertent disclosure, and courts requests. This study aims to provide a preliminary understanding of the information practices and systems that US humanitarian organizations employ to protect the privacy of the undocumented individuals they serve. To do so, we conducted interviews and an analysis of organizations' working documents within humanitarian organizations on the US West Coast, including advocacy groups and organizations with ties to higher education. Our outcomes show gaps between current legal standards, technology best practices, and the day-to-day functioning of the organizations.We contend the necessity of support to humanitarian organizations in further developing standards and training for digital privacy. /journal/isd2 1 of 8 20208 ;8 8 6 8 8 :e12109. 8 changes, the legal and social services offered by humanitarian information organizations have taken on greater importance in the lives of the undocumented, as has the obligation of these organizations to protect the privacy of the vulnerable populations they serve.
| LITERATURE REVIEWUndocumented migrants in the United States experience complex relations with privacy, security, and social activism, as their information behaviors are mediated by the constant fear of detention and deportation in their daily lives (Vannini et al., 2016). In this study, we focus on humanitarian organizations that work with the undocumented in the country, and we aim to identify the information systems and practices currently used by these organizations to assess how they protect the privacy of the people they aim to serve.Our interviews and document analyses were informed by several studies that are more technical or prescriptive in nature. First are two sets of guidelines, one by Collier (2017) and a second by Raymond (Raymond, Al Achkar, Verhulst, Berens, & Barajas, 2016), that suggest specific approaches to institutional audits of information systems and practices. In response to the crisis faced by "many of our students [who] are at risk of deportation, of brutality, of harassment," Collier (2017) urges academic institutions to restyle themselves as "digital sanctuaries" for student data, retaining as little information as possible on students, having clear protocols and training for the storage and sharing of data, and reconsidering the necessity of using third-party vendors such as providers of online course interfaces and the plagiarism detection service Turnitin.Raymond (Raymond et al., 2016) proposes a four-step process for information security audits by humanitarian organizations, briefly, evaluating the purpose for which data are generated and shared, taking inventory of the d...
