Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston startup raises $6M to scale home-based healthcare platform

fresh funding

As healthcare systems race to expand care beyond hospitals and into the home, investors are placing bigger bets on the infrastructure needed to make that shift possible.

This month, Rosarium Health announced it has raised $6 million in seed funding led by Kalos Ventures, with participation from ResilienceVC, Rock Health Capital, Symphonic Capital, Black Tech Nations Ventures and others.

The investment will help the Houston-based startup continue to build its platform, which features a national network of 800-plus clinicians and 3,000-plus contractors to coordinate home accessibility upgrades and modifications for seniors and people living with disabilities.

For founder and CEO Cameron Carter, the company’s mission grew out of firsthand caregiving experiences.

“From my own personal caregiving experiences, I realized that the benefits exist on paper, but not in reality,” Carter said in a news release. “Families are being left to figure out the paperwork and installations all on their own, which shouldn’t be how this works.”

While Medicare Advantage and Medicaid plans have expanded coverage for home-based services and accessibility modifications, the logistics behind delivering those services often remain fragmented.

Rosarium’s platform coordinates the entire process, from clinical assessments and referrals to contractor management, documentation, reimbursement and installation.

“A clinician can document that a home isn’t safe and a plan can approve a benefit, but there’s no one that’s responsible for making sure the work actually gets done,” Carter says. “We built the missing piece.”

The company was founded in 2021 as Rose Health and was a 2023 participant in the Texas Medical Center’s Accelerator for HealthTech program. It has scaled quickly, building a network of more than 800 clinicians and 3,000 contractors across 34 states.

Rosarium is currently in-network for 1.2 million Medicare and Medicaid lives, with projected coverage expected to reach nearly 4 million by the end of the year, according to the release.

“We’re excited to back Cameron because he and the team at Rosarium are building the infrastructure healthcare needs right now to make the home a safe and comfortable place of care,” Kate Ballinger, investor at Kalos Ventures, added in the release.

As part of the recent investment, Ballinger will join Rosarium’s board of directors.

With eyes on the future, Rosarium plans to grow its partnerships with Medicaid and Medicare Advantage plans, including CalViva and Community Health Plan of Imperial Valley, strengthening its presence in California while expanding access to underserved communities.

Additionally, Carter predicts that home-based healthcare will be part of a broader transformation happening across the industry.

“There’s a growing recognition that health outcomes are shaped by what happens in the home,” he said in the release. “The future of healthcare isn’t just treating people after something goes wrong. It’s creating environments that help prevent those problems in the first place.”

Houston business mogul Tilman Fertitta acquires Caesars in $17.6B deal

Money Moves

Houston billionaire Tilman Fertitta may currently be serving as America’s ambassador to Italy, but his company is as busy as ever. Fresh off its move to revive the Houston Comets WNBA franchise, his company, Fertitta Entertainment, has announced a $17.6 billion deal to acquire Caesars Entertainment, Inc.

Speculation about the deal has been circulating since at least March, according to various media reports. The deal combines Fertitta’s well-known Golden Nugget casino brand with all of the properties in the Caesars’ portfolio, including Las Vegas hotels Caesars Palace, Harrah's, Paris Las Vegas, Planet Hollywood, Horseshoe, The LINQ Hotel, Flamingo, and The Cromwell.

Overall, the combined company will include 60 domestic casino resorts and gaming facilities; online gaming including sports betting, iCasino, and Caesar’s online poker platform; retail sports betting at over 200 third-party locations through the William Hill brand; and over 550 Fertitta Entertainment outlets, including more than 450 Landry's full-service restaurants across America. The companies will combine their loyalty programs, Caesars Rewards, Golden Nugget's 24 Karat Select Club, and Landry's Select Club.

The terms will see Caesars’ shareholders receive $31 per share. Fertitta Entertainment will also acquire approximately $11.9 billion of Caesars' outstanding debt.

The transaction will be financed through a combination of equity contributed by Fertitta Entertainment, assumed Caesars' debt, and new committed debt financing arranged by a group consisting of 10 banks. It is subject to approval by Caesars’ shareholders and government regulators.

Fertitta Entertainment is the Houston-based company behind a diverse array of hospitality businesses, including The Golden Nugget, The Post Oak Hotel, River Oaks District, the Kemah Boardwalk, and Houston’s Downtown Aquarium.

It also operates a number of prominent restaurant brands, including Mastro's Restaurants, Del Frisco's Double Eagle Steakhouse, Morton's The Steakhouse, The Palm, McCormick & Schmick's, Landry's Seafood House, The Oceanaire Seafood Room, and Saltgrass Steak House.

---

This article first appeared on CultureMap.com.

4 Houston-area institutions get $8M for cancer research facilities

fighting cancer

Cancer research capabilities in the Houston area just got an $8 million boost.

On Wednesday, May 20, the Cancer Prevention and Research Institute of Texas (CPRIT) awarded $8 million in grants to institutions in Houston and Bryan for the creation or expansion of so-called “core” cancer research facilities.

“Core facilities provide shared access to advanced technology, equipment, and scientific expertise that may not be available at every institution,” CPRIT says. “These core facilities are vital to not only cancer research but also to the study of diseases beyond cancer.”

Houston-area recipients of these $2 million grants are:

  • A facility at the University of Texas Health Science Center for preclinical support of cancer researchers in Texas to evaluate new safe, effective drugs and drug combinations.
  • The Accelerator for Cancer Therapeutics, operated by Houston’s Texas Medical Center Foundation. The accelerator helps researchers and startups move innovative cancer treatments from the lab to clinical trials.
  • Rice University’s Genetic Design & Engineering Center in Houston. The center enables researchers to collaborate on studies of custom DNA for cancer treatment.
  • A facility at the Texas A&M University System’s Health Science Center in Bryan that aims to speed up the development of cancer therapies.

In addition to those grants, the University of Texas M.D. Anderson Cancer Center, Methodist Hospital Research Institute, Baylor College of Medicine, and Rice University shared $21 million to recruit cancer researchers from other institutions.

The largest of those grants—totalling $4 million—went to M.D. Anderson for the recruitment of renowned cancer researcher Andre Nussenzweig from the National Institutes of Health. His research focuses on how DNA damage and faulty DNA repairs lead to cancer.

Here are the totals for the other CPRIT grants awarded in the Houston area:

  • $12.8 million to Houston-based Indapta Therapeutics for the development of an off-the-shelf therapy that naturally kills cancer cells, combined with an immunity-targeting agent for a type of leukemia.
  • $11.1 million to MD Anderson, including $5 million for a statewide platform to improve long-term health outcomes in adolescents and young adults who survived cancer.
  • $8.4 million to Baylor College of Medicine, including $4.8 million for two training programs for cancer researchers.
  • $6.25 million to UT Health Houston, including $4 million for a biomedical informatics and genomics training program for cancer researchers.
  • $4.4 million to the Texas A&M Health Science Center’s Houston campus, including $2.4 million for a cancer therapeutics training program.
  • $2.75 million to Rice, including $250,000 for a study of ovarian cancer.
  • $2 million to Houston-based March Biosciences for the development of a targeted therapy for treating T-cell lymphoma.
  • $1.15 million to the University of Houston, including $900,000 for a platform for detection of lung cancer.
  • $900,000 to Texas A&M in Bryan to conduct clinical drug trials in rural and underserved communities around the state.
  • $800,000 to Houston- and Israel-based Xerient Pharma for the development of an oral form of a cell-protecting drug called amifostine to protect the upper GI tract from radiation damage during pancreatic cancer treatment.
  • $659,000 to Missouri City-based OmniNano Pharmaceuticals for the development of a two-drug combination to treat the most common form of pancreatic cancer.
  • $250,000 to the University of Texas Medical Branch at Galveston for a novel therapeutic to prevent colitis-related colorectal cancer.
View All Listings