Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Rice University launches hub in India to drive education, tech innovation abroad

global mission

Rice University is launching Rice Global India, which is a strategic initiative to expand India’s rapidly growing education and technology sectors.

“India is a country of tremendous opportunity, one where we see the potential to make a meaningful impact through collaboration in research, innovation and education,” Rice President Reginald DesRoches says in a news release. “Our presence in India is a critical step in expanding our global reach, and we are excited to engage more with India’s academic leaders and industries to address some of the most pressing challenges of our time.”

The new hub will be in the country’s third-largest city and the center of the country’s high-tech industry, Bengaluru, India, and will include collaborations with top-tier research and academic institutions.

Rice continues its collaborations with institutions like the Indian Institute of Technology (IIT) Kanpur and the Indian Institute of Science (IISc) Bengaluru. The partnerships are expected to advance research initiatives, student and faculty exchanges and collaborations in artificial intelligence, biotechnology and sustainable energy.

India was a prime spot for the location due to the energy, climate change, artificial intelligence and biotechnology studies that align with Rice’s research that is outlined in its strategic plan Momentous: Personalized Scale for Global Impact.

“India’s position as one of the world’s fastest-growing education and technology markets makes it a crucial partner for Rice’s global vision,” vice president for global at Rice Caroline Levander adds. “The U.S.-India relationship, underscored by initiatives like the U.S.-India Initiative on Critical and Emerging Technology, provides fertile ground for educational, technological and research exchanges.”

On November 18, the university hosted a ribbon-cutting ceremony in Bengaluru, India to help launch the project.

“This expansion reflects our commitment to fostering a more interconnected world where education and research transcend borders,” DesRoches says.

UH-backed project secures $3.6M to transform CO2 into sustainable fuel with cutting-edge tech

funds granted

A University of Houston-associated project was selected to receive $3.6 million from the U.S. Department of Energy’s Advanced Research Projects Agency-Energy that aims to transform sustainable fuel production.

Nonprofit research institute SRI is leading the project “Printed Microreactor for Renewable Energy Enabled Fuel Production” or PRIME-Fuel, which will try to develop a modular microreactor technology that converts carbon dioxide into methanol using renewable energy sources with UH contributing research.

“Renewables-to-liquids fuel production has the potential to boost the utility of renewable energy all while helping to lay the groundwork for the Biden-Harris Administration’s goals of creating a clean energy economy,” U.S. Secretary of Energy Jennifer M. Granholm says in an ARPA-E news release.

The project is part of ARPA-E’s $41 million Grid-free Renewable Energy Enabling New Ways to Economical Liquids and Long-term Storage program (or GREENWELLS, for short) that also includes 14 projects to develop technologies that use renewable energy sources to produce sustainable liquid fuels and chemicals, which can be transported and stored similarly to gasoline or oil, according to a news release.

Vemuri Balakotaiah and Praveen Bollini, faculty members of the William A. Brookshire Department of Chemical and Biomolecular Engineering, are co-investigators on the project. Rahul Pandey, is a UH alum, and the senior scientist with SRI and principal investigator on the project.

Teams working on the project will develop systems that use electricity, carbon dioxide and water at renewable energy sites to produce renewable liquid renewable fuels that offer a clean alternative for sectors like transportation. Using cheaper electricity from sources like wind and solar can lower production costs, and create affordable and cleaner long-term energy storage solutions.

Researchers Rahul Pandey, senior scientist with SRI and principal investigator (left), and Praveen Bollini, a University of Houston chemical engineering faculty, are key contributors to the microreactor project. Photo via uh.edu

“As a proud UH graduate, I have always been aware of the strength of the chemical and biomolecular engineering program at UH and kept myself updated on its cutting-edge research,” Pandey says in a news release. “This project had very specific requirements, including expertise in modeling transients in microreactors and the development of high-performance catalysts. The department excelled in both areas. When I reached out to Dr. Bollini and Dr. Bala, they were eager to collaborate, and everything naturally progressed from there.”

The PRIME-Fuel project will use cutting-edge mathematical modeling and SRI’s proprietary Co-Extrusion printing technology to design and manufacture the microreactor with the ability to continue producing methanol even when the renewable energy supply dips as low as 5 percent capacity. Researchers will develop a microreactor prototype capable of producing 30 MJe/day of methanol while meeting energy efficiency and process yield targets over a three-year span. When scaled up to a 100 megawatts electricity capacity plant, it can be capable of producing 225 tons of methanol per day at a lower cost. The researchers predict five years as a “reasonable” timeline of when this can hit the market.

“What we are building here is a prototype or proof of concept for a platform technology, which has diverse applications in the entire energy and chemicals industry,” Pandey continues. “Right now, we are aiming to produce methanol, but this technology can actually be applied to a much broader set of energy carriers and chemicals.”

------

This article originally ran on EnergyCapital.

Houston innovator drives collaboration, access to investment with female-focused group

HOUSTON INNOVATORS PODCAST EPISODE 262

After working in technology in her home country of Pakistan, Samina Farid, who was raised in the United States, found her way to Houston in the '70s where business was booming.

She was recruited to work at Houston Natural Gas — a company that would later merge and create Enron — where she rose through the ranks and oversaw systems development for the company before taking on a role running the pipelines.

"When you're in technology, you're always looking for inefficiencies, and you always see areas where you can improve," Farid says on the Houston Innovators Podcast, explaining that she moved on from Enron in the mid-'80s, which was an exciting time for the industry.

"We had these silos of data across the industry, and I felt like we needed to be communicating better, having a good source of data, and making sure we weren't continuing to have the problems we were having," she says. "That was really the seed that got me started in the idea of building a company."

She co-founded Merrick Systems, a software solutions business for managing oil and gas production, with her nephew, and thus began her own entrepreneurial journey. She came to another crossroads in her career after selling that business in 2014 and surviving her own battle with breast cancer.

"I got involved in investing because the guys used to talk about it — there was always men around me," Farid says. "I was curious."

In 2019, she joined an organization called Golden Seeds. Founded in 2005 in New York, the network of angel investors funding female-founded enterprises has grown to around 280 members across eight chapters. Suzan Deison, CEO of the Houston Women's Chamber, was integral in bringing the organization to Houston, and now Farid leads it as head of the Houston Chapter of Golden Seeds.

For Farid, the opportunity for Houston is the national network of investors — both to connect local female founders to potential capital from coast to coast and to give Houston investors deal flow from across the country.

"It was so hard for me to get funding for my own company," Farid says. "Having access to capital was only on the coasts. Software and startups was too risky."

Now, with Golden Seeds, the opportunity is there — and Farid says its an extremely collaborative investor network, working with local organizations like the Houston Angel Network and TiE Houston.

"With angel investing, when we put our money in, we want these companies to succeed," she says."We want more people to see these companies and to invest in them. We're not competing. We want to work with others to help these companies succeed."

View All Listings