ylliX - Online Advertising Network
Sensitive Migrant Data Mishandled, Former Chicago Shelter Contractors Allege

Sensitive Migrant Data Mishandled, Former Chicago Shelter Contractors Allege


This story was a collaboration between the Investigative Project on Race and Equity and Borderless Magazine. 

CHICAGO — Tens of thousands of new arrivals have passed through Chicago’s migrant shelter system. Many of them might have had their data compromised because of how shelter employees and contractors handled their personal information, according to former shelter staff and documents reviewed by Borderless Magazine and the Investigative Project on Race and Equity.

In a complaint submitted to the U.S. Department of Health and Human Services (HHS) this month, two former Favorite Healthcare Staffing case managers contracted by Favorite alleged that Chicago’s shelters violated health information privacy laws by allowing shelter staff to access and download sensitive information on their own personal devices. The complaint notes that Favorite, the staffing company the City of Chicago hired to manage the migrant shelters, did not require data to be encrypted and allowed employees and independent contractors to share medical and other personal information over insecure communication channels. 

According to the complaint filed with HHS’s Office of Civil Rights, an unknown number of Favorite employees and independent contractors, including individuals who no longer worked in the shelters, were able to access migrants’ information without authorization. 

Both former case managers who filed the complaint with the federal government spoke to Borderless and the Investigative Project and showed reporters shelter files that they could still access despite no longer being employed by Favorite, though they noted they only accessed data for submitting their HHS claim and showing reporters. Additionally, they shared documentation they had collected from dozens of migrants who had become victims of extortion threats and scams following the mishandling of their data.

These are “ongoing administrative and control failures within immigration shelters,” said Anna P. Vizcarra, one of two former case managers who filed the complaint on behalf of around 60 migrants who came to her expressing concerns about the mishandling of data. The second former staff member, who we’re calling Sam, asked to use a pseudonym out of fear that it would affect their ability to find employment in the field.  

“Many employees who left or were terminated from the shelters were able to retain access to sensitive resident information after their departure, and in some cases, may have taken copies with them,” they wrote in their complaint.

The two said in an interview that they have not yet received a response to their complaint, which they filed with the federal government on Nov. 6. As of the time of publication, Borderless and the Investigative Project were awaiting response from the office of Chicago Mayor Brandon Johnson. Favorite and Chicago Department of Family and Support Services Commissioner Brandie V. Knazze did not respond to a request for comment.

But Vizcarra and Sam shared testimonies and photos provided by residents who say that they’ve started to receive unsolicited letters, texts, calls and emails from unknown sources notifying them of loan approvals and personal injury complaints, as well as links that appear to be phishing or scam attempts. In some cases, individuals reported to Vizcarra that they had received threats of extortion over the phone from unknown numbers.

“The breaches show a disregard for required safeguards, suggesting both negligence and potential willful disregard for the privacy and security of vulnerable individuals,” Vizcarra and Sam wrote in their complaint.

Borderless and the Investigative Project reviewed dozens of examples of internal record-keeping and communications from several shelters. Those records included spreadsheets designed to keep track of current shelter residents and WhatsApp, text and email messages shared among Favorite staff. In some cases, threads included county health officials. 

One spreadsheet that tracked current shelter residents contained, among other things, migrants’ date of birth, family status, race, nationality, sexuality, allergies, prescription medications, special needs and accommodations, and all forms of contact information.

According to the former case managers, Favorite Healthcare Staffing maintained spreadsheets like these for each of the migrant shelters, which were accessible and downloadable on staff’s personal devices. The sheets appeared to have no controls over who could edit or remove data.

“As soon as I started at Halsted [the largest migrant shelter] the supervisor asked me if I had a computer,” said Vizcarra, who was hired by Favorite in late 2023. “When I said yes, he told me I’d be using my computer.”

Vizcarra said that this concerned her because personal devices are not monitored and could be taken off the premises. “You can take your computer anywhere after work — and it contains all the information about the residents — race, pictures, everything,” she said. She said that after being transferred to work at a different Chicago shelter run by Favorite in January 2024, workers used similar practices.  

Both Vizcarra and Sam previously worked in federal shelters for migrants in California, Texas and Florida, where they said digital security requirements were rigid. Management allowed staff to use their personal cell phones only in cases of emergency, and workers did data entry in encrypted software on laptops that were provided by their employer. Staff were prohibited from taking laptops with sensitive data from the shelter building.

In one WhatsApp thread shared with Borderless and the Investigative Project, more than a dozen staff members at a shelter in Pilsen repeatedly shared migrants’ sensitive information — including medical information, birth dates, cell phone numbers, family status and photos as they arranged quarantine accommodations during a chickenpox outbreak late last year.

People hang out in front of Chicago’s largest migrant shelter in Pilsen on Feb. 23, 2024. Mauricio Peña/Borderless Magazine Credit: Mauricio Peña/Borderless Magazine

The city has run an emergency shelter system for migrants for over two years. That system, administered in large part by Favorite, has been the first stop for nearly 50,000 people seeking asylum in the United States. Chicago Mayor Brandon Johnson announced earlier this month that the majority of the city’s migrant shelters will close by the end of the year. 

A Kansas-based staffing agency that specializes in healthcare placements, Favorite was first contracted by the city in September 2022, shortly after Texas officials announced that they would send asylum seekers to Chicago, among other Democratic cities. In the following two years, Favorite set up and staffed more than two dozen shelters with supervisors, case managers, security personnel and other staff. The company has charged the city around $362 million for its services. 

Those services include managing an oversight system for migrants living in shelters. In an investigation published earlier this week, Borderless and the Investigative Project found that complaints filed by migrants went without response for weeks and shelter staff accused of misconduct were rarely disciplined. Migrants and staffers interviewed said they feared retaliation for speaking up about poor shelter conditions and treatment from staff.

The city has defended its reliance on Favorite despite public criticism of the high cost of its services and repeated allegations of poor conditions in the shelters. 

“Favorite is our only solution,” Department of Family and Support Services First Deputy Commissioner Jonathan Ernst told the Chicago Tribune in August. 

The following month, Mayor Johnson increased the city’s contract with the company by another $100 million. 

The city plans to end its contract with Favorite by the end of the year. 

This investigation was supported with funding from the Data-Driven Reporting Project. The Data-Driven Reporting Project is funded by the Google News Initiative in partnership with Northwestern University | Medill.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *