
With news coming out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can be overwhelming for most of us to keep up or to understand the new intricacies of technology, and it becomes easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect their data with the same rigor as their financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check whether the law imposes a duty on you to protect the compromised information, as many laws do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that the vendor is actually processing data the way the Data Processing Addendum says it is. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software-as-a-service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data without giving you the opportunity to customize terms and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place, because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to be tested regularly.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? What about firewalls, intrusion prevention systems, and endpoint detection and response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is a partner at Frost Brown Todd. Lauren Cole is an associate at Frost Brown Todd.


Houston team develops low-cost device to treat infants with life-threatening birth defect

infant innovation

A team of engineers and pediatric surgeons led by Rice University’s Rice360 Institute for Global Health Technologies has developed a cost-effective treatment for infants born with gastroschisis, a congenital condition in which intestines and other organs develop outside of the body.

The condition can be life-threatening in economically disadvantaged regions without access to equipment.

The Rice-developed device, known as SimpleSilo, is “simple, low-cost and locally manufacturable,” according to the university. It consists of a saline bag, oxygen tubing and a commercially available heat sealer, and it mimics the function of commercial silo bags, which are used in high-income countries to protect exposed organs and gently, gradually return them to the abdominal cavity.

Generally, a single-use bag can cost between $200 and $300. The alternatives that exist lack structure and require surgical sewing. This is where the SimpleSilo comes in.

“We focused on keeping the design as simple and functional as possible, while still being affordable,” Vanshika Jhonsa said in a news release. “Our hope is that health care providers around the world can adapt the SimpleSilo to their local supplies and specific needs.”

The study was published in the Journal of Pediatric Surgery, and Jhonsa, its first author, also won the 2023 American Pediatric Surgical Association Innovation Award for the project. She is a recent Rice alumna and is currently a medical student at UTHealth Houston.

Bindi Naik-Mathuria, a pediatric surgeon at UTMB Health, served as the corresponding author of the study. Rice undergraduates Shreya Jindal and Shriya Shah, along with Mary Seifu Tirfie, a current Rice360 Global Health Fellow, also worked on the project.

In laboratory tests, the device demonstrated a fluid leakage rate of just 0.02 milliliters per hour, which is comparable to commercial silo bags, and it withstood repeated disinfection while maintaining its structure. In a simulated in vitro test using cow intestines and a mock abdominal wall, SimpleSilo achieved a 50 percent reduction of the intestines into the simulated cavity over three days, also matching the performance of commercial silo bags. The team plans to conduct a formal clinical trial in East Africa.

“Gastroschisis has one of the biggest survival gaps from high-resource settings to low-resource settings, but it doesn’t have to be this way,” Meaghan Bond, lecturer and senior design engineer at Rice360, added in the news release. “We believe the SimpleSilo can help close the survival gap by making treatment accessible and affordable, even in resource-limited settings.”

Oxy's $1.3B Texas carbon capture facility on track to launch this year

gearing up

Houston-based Occidental Petroleum is gearing up to start removing CO2 from the atmosphere at its $1.3 billion direct air capture (DAC) project in the Midland-Odessa area.

Vicki Hollub, president and CEO of Occidental, said during the company’s recent second-quarter earnings call that the Stratos project — being developed by carbon capture and sequestration subsidiary 1PointFive — is on track to begin capturing CO2 later this year.

“We are immensely proud of the achievements to date and the exceptional record of safety performance as we advance towards commercial startup,” Hollub said of Stratos.

Carbon dioxide captured by Stratos will be stored underground or be used for enhanced oil recovery.

Oxy says Stratos is the world’s largest DAC facility. It’s designed to pull 500,000 metric tons of carbon dioxide from the air and either store it underground or use it for enhanced oil recovery. Enhanced oil recovery extracts oil from unproductive reservoirs.

Most of the carbon credits that’ll be generated by Stratos through 2030 have already been sold to organizations such as Airbus, AT&T, All Nippon Airways, Amazon, the Houston Astros, the Houston Texans, JPMorgan, Microsoft, Palo Alto Networks and TD Bank.

The infrastructure business of investment manager BlackRock has pumped $550 million into Stratos through a joint venture with 1PointFive.

As it gears up to kick off operations at Stratos, Occidental is also in talks with XRG, the energy investment arm of the United Arab Emirates-owned Abu Dhabi National Oil Co., to form a joint venture for the development of a DAC facility in South Texas. Occidental has been awarded up to $650 million from the U.S. Department of Energy to build the South Texas DAC hub.

The South Texas project, to be located on the storied King Ranch, will be close to industrial facilities and energy infrastructure along the Gulf Coast. Initially, the roughly 165-square-mile site is expected to capture 500,000 metric tons of carbon dioxide per year, with the potential to store up to 3 billion metric tons of CO2 per year.

“We believe that carbon capture and DAC, in particular, will be instrumental in shaping the future energy landscape,” Hollub said.

---

This article originally appeared on our sister site, EnergyCapitalHTX.com.