Abstract Many humanitarian organizations in the United States work with the information of undocumented migrants to help them secure services that might otherwise be unattainable to them. Information and communication technologies can help their work, but can also significantly exacerbate the risks that undocumented individuals are facing, and expose them to security breakages, leaks, hacks, inadvertent disclosure, and courts requests. This study aims to provide a preliminary understanding of the information practices and systems that US humanitarian organizations employ to protect the privacy of the undocumented individuals they serve. To do so, we conducted interviews and an analysis of organizations' working documents within humanitarian organizations on the US West Coast, including advocacy groups and organizations with ties to higher education. Our outcomes show gaps between current legal standards, technology best practices, and the day‐to‐day functioning of the organizations. We contend the necessity of support to humanitarian organizations in further developing standards and training for digital privacy.