Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston palliative care company integrates with Epic platforms

epic scale

Patients and medical teams using MyChart and other Epic Systems' software will now be able to access Houston-based Koda Health's AI-enhanced end-of-life planning platform.

The Houston-based palliative care company, which was born out of the TMC's Biodesign Fellowship, has integrated its advance care planning platform with Epic, one of the most widely used electronic health record (EHR) systems in the U.S., according to a news release.

Epic estimates that more than 325 million patients have a current electronic record in its systems.

“This is a significant milestone for our mission to make advance care planning scalable, meaningful, and seamless,” Tatiana Fofanova, CEO and co-founder of Koda Health, said in the release. “By integrating into systems already used by care teams, we help eliminate friction and ensure that care delivery honors what patients truly want—especially during serious illness and at the end of life.”

The partnership will streamline processes for both patients and clinicians. Users will be able to drop advance care plans directly into the Epic charts, which will be accessible through MyChart for patients and proxies and through Epic Hyperspace/Hyperdrive for care teams. Doctors can also initiate and manage advance care plans through a simple Epic order for patients.

According to Koda Health, its platform saves an average of $10,000 to $15,000 per patient. Roughly 85 percent of users complete advance care plan documents when using the platform, which is four times the national average.

“We developed Koda to give providers the time, training, and tools to guide these critical conversations," Dr. Desh Mohan, co-founder and chief medical officer at Koda Health, added in the statement. "Our integration now makes it possible to operationalize ACP at scale—aligned with value-based care goals and clinical reality.”

The company announced a partnership with Dallas-based Guidehealth, which integrates into primary care workflows and allows providers to identify high-risk patients, coordinate care and reduce administrative burden. Guidehealth works with more than 500,000 patients

Koda Health was founded in 2020 and closed an oversubscribed seed round for an undisclosed amount last year, with investments from AARP, Memorial Hermann Health System and the Texas Medical Center Venture Fund. The company also added Kidney Action Planning to its suite of services in 2024.

Xfinity goes all-in with new national internet plan

Everything's Included

Following the successful launch and positive consumer reaction to Xfinity’s new 5-year guarantee, the nation’s largest Internet Service Provider (ISP) has launched its everyday pricing (EDP) structure with four simple national Internet tiers that include unlimited data and the advanced Xfinity WiFi Gateway for one low monthly price.

This move is part of the company’s broader strategy to give consumers simple, predictable, all-in plans for the best WiFi in the market. All plans include a line of Xfinity Mobile at no additional cost for a year.

“We said we were going to go ‘all-in’ on a new pricing strategy and we are delivering with our 5-year price lock and our new everyday price plans," says Steve Croney, chief operating officer, Connectivity & Platforms at Comcast. "Now all our Xfinity Internet packages are built on simplicity and transparency — no hidden fees, no confusion — just the best, most reliable and secure WiFi that sets a new standard for the ultimate connected experience. We’re coming out swinging with a superior WiFi product that easily beats the competition at an even better price point for customers.”

 Xfinity pricing table Graphic courtesy of Xfinity

Xfinity delivers the fastest, most reliable* WiFi experience with multi-gig speeds, a low-lag connection for gaming and streaming, the capacity to connect hundreds of devices in the home, and unbeatable wall-to-wall WiFi coverage.

The Xfinity WiFi Gateway blankets the home with cybersecurity protection and provides other advanced WiFi features and parental controls, all easily accessible in the newly redesigned Xfinity app, allowing customers to optimize and manage their WiFi experience in the home.

An unlimited line of Xfinity Mobile is also included at no cost for a year with these plans.

Only Xfinity Mobile customers have access to WiFi PowerBoost, a game-changing feature which increases Xfinity Mobile speeds up to 1 gig — no matter the plan they choose — when they are connected over WiFi in the home or anywhere else on the Xfinity WiFi network, the largest and fastest in the nation.

With 90 percent of mobile traffic traveling over WiFi, Xfinity Mobile is created for how customers use their mobile devices, combining the nation’s best WiFi with the most reliable 5G network.

Consumers can sign up for Xfinity Internet and Xfinity Mobile online at www.xfinity.com or at their local Xfinity store.

---

*www.opensignal.com

Houston startup funding surpasses $1B in 2025 despite national slowdown

by the numbers

Houston-area startups raised more than $1 billion in venture capital during the first half of 2025 — almost double the haul for the first half of last year.

According to the new PitchBook-NCVA Venture Monitor, Houston-area startups raised $417.2 million in the second quarter of this year, compared with $281 million during the same period last year. In the first quarter of 2025, local startups collected $607.5 million in venture capital, compared with $281 million during the same period a year earlier.

Based on those figures, Houston-area startups picked up slightly over $1 billion in VC during the first half of this year, compared with $535 million in the first half of 2024.

Nationally, startups gained almost $70 billion in VC in the second quarter, down 25 percent from the same period a year ago, the PitchBook-NCVA Venture Monitor says.

Nizar Tarhuni, executive vice president of research and market intelligence at PitchBook, explained that “the VC landscape continues to navigate a fragile recovery” and is constrained by economic uncertainty.

However, startups in certain sectors are poised to attract a great deal of attention and venture capital over the next several years, according to the report.

“Companies operating in AI, national security, defense tech, fintech, and crypto — sectors aligned with the administration’s priorities — are attracting disproportionately more investor interest, and this trend will likely continue throughout President Donald Trump’s term,” the report says.

The AI sector accounted for 64 percent of VC deal value in the first half of 2025, according to the report.

View All Listings