Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

12 winners named at CERAWeek clean tech pitch competition in Houston

top teams

Twelve teams from around the country, including several from Houston, took home top honors at this year's Energy Venture Day and Pitch Competition at CERAWeek.

The fast-paced event, held March 25, put on by Rice Alliance, Houston Energy Transition Initiative and TEX-E, invited 36 industry startups and five Texas-based student teams focused on driving efficiency and advancements in the energy transition to present 3.5-minute pitches before investors and industry partners during CERAWeek's Agora program.

The competition is a qualifying event for the Startup World Cup, where teams compete for a $1 million investment prize.

PolyJoule won in the Track C competition and was named the overall winner of the pitch event. The Boston-based company will go on to compete in the Startup World Cup held this fall in San Francisco.

PolyJoule was spun out of MIT and is developing conductive polymer battery technology for energy storage.

Rice University's Resonant Thermal Systems won the second-place prize and $15,000 in the student track, known as TEX-E. The team's STREED solution converts high-salinity water into fresh water while recovering valuable minerals.

Teams from the University of Texas won first and second place in the TEX-E competition, bringing home $25,000 and $10,000, respectively. The student winners were:

Companies that pitched in the three industry tracts competed for non-monetary awards. Here are the companies named "most-promising" by the judges:

Track A | Industrial Efficiency & Decarbonization

Track B | Advanced Manufacturing, Materials, & Other Advanced Technologies

  • First: Licube, based in Houston
  • Second: ZettaJoule, based in Houston and Maryland
  • Third: Oleo

Track C | Innovations for Traditional Energy, Electricity, & the Grid

The teams at this year's Energy Venture Day have collectively raised $707 million in funding, according to Rice. They represent six countries and 12 states. See the full list of companies and investor groups that participated here.

---

This article originally appeared on our sister site, EnergyCapitalHTX.com.

Houston startup is off to the races with its innovative running shoes

running start

Despite Houston’s reputation as a sneaker town, there are few actual shoe companies headquartered in the Bayou City. One that is up and running is Veloci Running, an innovative enterprise that combines the founder’s history as a track runner for Rice University with the realities of running in a changing world.

Tyler Strothman started running cross country growing up in Wisconsin and Indiana before moving to Texas to attend Rice in 2020. Naturally, his college life was altered significantly by the COVID-19 pandemic. Unfortunately, Strothman contracted the virus, leading to pneumonia and causing him to consider other plans for his future.

One thing that stood out from Strothman’s running career was how bad his shoes fit.

“Traditional shoes narrowed in, cramped the front of my feet, and it was causing foot pain,” he said in a video interview. “But any other shoes that were shaped to better fit the natural foot shape were more barefoot (style)—they were more minimalist overall. And that was hurting my calf and Achilles. It was pulling on it, kind of like a rubber band.”

Strothman decided to start Veloci and went on to win the annual Liu Idea Lab for Innovation and Entrepreneurship's H. Albert Napier Rice Launch Challenge in 2025. The win secured $50,000 in startup money, which Strothman used to immediately launch his new runner-centered shoe design with himself as the CEO at the age of 24.

Along for the jog was Strothman’s college friend, Austin Escamilla, who serves as chief operating officer. Escamilla believed in Strothman’s vision, but the project immediately ran into snags beyond Veloci’s control, particularly with manufacturing in Asia.

“It was quite a year to start a shoe business, especially dealing with tariffs and global economic trade tensions,” he said in the same video interview. “We've luckily had some really good partners and really solid advisors throughout the journey who've either done it or had some good feedback and advice. It certainly takes a village, but every day is different. So, it's fun to come into work every day and problem solve.”

The flagship Veloci shoe is the Ascent, which comes in both men’s and women’s sizes. It combines the wide toe cage that Strothman wanted with extra support cushion for a softer, easier run. They retail at $180. Strothman has personally been testing them for a year, noticing reduced lower leg pain when he runs.

At the same time, Veloci has attended to some of the more unique running problems in Houston and other hot, Southern states. A combination of heat and humidity makes for a very soggy shoe if not designed with such environments in mind. The Ascent is built to be very open and breathable, allowing hot air to flow and keeping sweat from building up. These various comfort improvements have made the Ascent Strothman’s favorite running shoe.

“I put on more pairs of this Veloci shoe than I have in my other running shoes in the last seven years,” he said

Currently, Veloci is still a very niche brand. Since the company launched last year, they’ve sold roughly 10,000 pairs. Those sales come either directly through their website or from specialty running stores, most of which are located around the Houston area, like Clear Creek Running Company in League City.

Building community around the shoe through these specialty retailers has been a prime marketing strategy. Part of the $50,000 grant went to a custom van that Veloci can take to various 5Ks, runs and events to get people interested in the brand. The personal touch has helped news of Veloci spread through the running world.

“We went to many run clubs throughout the last year,” said Escamillia. “We've been to pretty much every one of the major run clubs at least once or twice. Folks who try on the shoes, love them, become fans and post and repost…. The marketing side's been a lot of fun.”

Intuitive Machines lands $180M NASA contract for lunar delivery mission

to the moon

NASA has awarded Intuitive Machines a $180.4 million Commercial Lunar Payload Services (CLPS) award to deliver science and technology to the moon.

This is the fifth CLPS award the Houston spacetech company has received from NASA, according to a release. It will be the first mission to utilize Intuitive Machines' larger cargo lunar lander, Nova-D.

Known as IM-5, the mission is expected to deliver seven payloads to Mons Malapert, a ridge near the Lunar South Pole, which is a "compelling location for future communications, navigation, and surface infrastructure," according to the release.

“We believe our space infrastructure provides the scalability and flexibility needed to support an increased cadence of new Artemis missions and advance national objectives. This CLPS award accelerates our expansion efforts as we build, connect, and operate the systems powering that infrastructure,” Steve Altemus, CEO of Intuitive Machines, said in the release. “We look forward to working closely with NASA to deliver mission success on IM-5 and to provide sustained operations and persistent connectivity in the cislunar environment and across the solar system.”

The delivery will include the Australian Space Agency’s lunar rover, known as Roo-ver, and another lunar rover from Honeybee Robotics, a part of Jeff Bezos' Blue Origin. Intuitive Machines will also deliver chemical analysis instruments, radiation detectors and other technologies, as well as a capsule named Sanctuary that shows examples of human achievements.

Intuitive Machines previously completed its IM-1 and IM-2 missions, which put the first commercial lunar lander on the moon and achieved the southernmost lunar landing, respectively.

Its IM-3 mission is expected to deliver international payloads to the moon's Reiner Gamma this year. It’s IM-4 mission, funded by a $116.9 million CLPS award, is expected to deliver six science and technology payloads to the Moon’s South Pole in 2027.

The company also announced a $175 million equity investment to fuel growth earlier this month.

View All Listings