Humanitarian organizations frequently do not fully address the implications of collecting, storing, and using data about vulnerable populations. We propose a conceptual framework for Humanitarian Information Activities (HIA), especially in the context of undocumented migration. We examine this framework in the light of both a survey of the literature and a pilot study that examines HIA activities in three distinct contexts: 1) higher education institutions that provide support to undocumented students, 2) non-profit organizations that provide legal support to undocumented immigrants, and 3) humanitarian organizations assisting undocumented migrants near the US-Mexico border. We discuss both technological and human risks in HIA, the limitations of privacy self-management, and the need for clear privacy-related guidelines for HIA. We conclude suggesting guidelines to strengthen the privacy protection offered to vulnerable populations by humanitarian organizations in the context of irregular migration.