Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Houston VC funding nears $1B in first half of 2026, report says

by the numbers

Despite a weak second quarter, venture capital funding for Houston-area startups approached $1 billion in the first half of 2026, the region’s highest first-half total since 2022, according to the latest PitchBook-NVCA Venture Monitor.

This year’s first-half total of $962.4 million represented a nearly 8 percent increase over last year’s first-half total of $891.7 million. Dating back to 2016, this year’s first-half haul lags behind only 2021 and 2022 for the most first-half funding.

Houston’s year-over-year VC jump of 73 percent in the first quarter of 2026 more than made up for the year-over-year drop of 34 percent in the second quarter of 2026, according to the report.

Deal count tells a more encouraging story: Houston startups closed 102 deals in the first half, up from 93 a year earlier and the region’s busiest first half since 2022. However, the average deal size shrank, as no single funding source dominated the total.

Keep in mind that PitchBook and NVCA routinely revise quarterly numbers upward to reflect deals that were reported after a previous quarter’s data was published. So, in the case of Houston, numbers initially reported for the first quarter of 2026 may not match newly reported numbers.

Perhaps the most notable Houston-area deal announced in the first half of this year was Cart.com’s $180 million growth equity investment, led by Springcoast Partners. Cart.com is an e-commerce platform and logistics provider.

PitchBook-NVCA data shows Houston’s VC activity is growing modestly, delivering better numbers in the first half of 2026 versus 2024 and 2025, but it still sits below the highs of 2021 and 2022. This is one sign that so far in 2026, the national VC boom isn’t benefiting non-hub markets like Houston the way it’s boosting some hub markets, especially Silicon Valley and New York City.

Nationwide, AI dominated VC funding in the first half of this year. The sector made up 86 percent of VC from January through June. The report notes that the markets have still struggled to unlock IPOs, with SpaceX being the biggest exception, and few M&A deals outside health care have been significant.

14 climatech startups join Greentown Houston in first half of 2026

green team

Climatech incubator Greentown Labs reports that 14 startups have joined its Houston community so far this year.

The companies are among 30 new startups to have joined Greentown Houston and Greentown Boston in 2026. Four of the companies are headquartered in Houston.

The startups are working on a range of "hydrogen-powered heavy-duty transport to AI-driven grid interconnection," according to Greentown.

The local startups that joined Greentown Houston include:

  • Houston-based Focis AI, which transforms industrial laser scans into structured asset intelligence to automatically identify, classify and map components in refineries and plants
  • Houston-based Iron Lattice, which develops next-generation memory technology for AI and high-performance computing that improves energy efficiency, endurance and scalability while remaining compatible with existing semiconductor manufacturing
  • Houston-based Orbital Arc, which is developing a new ion engine designed to improve the efficiency and scalability of spacecraft propulsion from low Earth orbit to deep space
  • Houston-based Sustain Energy LLC, which delivers cleaner, lower-cost fuel to industrial customers in pipeline-absent, underserved markets, cutting their energy costs and emissions with no infrastructure investment on their end

Other startups from around the world joined the Houston incubator in the same time period, including:

  • Ankara-based AIS Field, which develops robotic, AI-assisted non-destructive inspection systems, including submersible tank and boiler crawlers
  • San Francisco-based Armada AI, which builds rapidly deployable modular and edge data centers that run on local, stranded, or renewable power
  • San Francisco-based Armeta, which turns complex engineering drawings and legacy documentation into structured, usable data
  • Pittsburgh-based Atlas Robotics, which develops a Physical AI platform that powers autonomous material-handling robots and AI-guided forklifts
  • Ghana-based Cocoa Potash, which transforms high-emissions agricultural waste from cocoa, coconut, and palm-nut into organic potash, fertilizer and renewable energy
  • Israel-based Criaterra, which produces low-carbon, cement-free building materials
  • Italy-based ETAK, which manufactures modular reactors that convert solid waste into clean syngas
  • Kenya-based FelixFusion, which uses its Felix platform to model every grid connection point, including capacity, upgrade costs, and constraints
  • San Diego-based Gemini Energy, which builds next-generation fuel cells for data-center power
  • Tokyo-based Hibot, which develops robotic systems for inspecting and maintaining infrastructure in hazardous, hard-to-access environments
  • Austin-based Sheetak, which designs and manufactures thermoelectric coolers, generators, and assemblies for solid-state cooling and energy harvesting
  • The Netherlands-based ToPerform, which makes AI-powered, non-intrusive fouling sensors that monitor pipelines around the clock and predict the optimal cleaning time

Another 16 startups joined Greentown's Boston incubator. See the full list of new members here.

More than 100 startups joined Greentown last year, according to an end-of-year reflection shared by Greentown CEO Georgina Campbell Flatter. Read more about them here.

---

This article originally appeared on our sister site, EnergyCapitalHTX.com.

$12M pharmaceutical manufacturing facility to be built in Sugar Land

coming soon

A nearly $12 million drug manufacturing facility is coming to Sugar Land.

City leaders in Sugar Land recently approved a $1.3 million performance-based incentive for DeliverIt Group, a Sugar Land-based provider of specialty pharmacy, infusion therapy and clinical care services, for the development of the 60,000-square-foot facility.

The facility, which will be registered with the U.S. Food and Drug Administration (FDA), will compound medication. The process of drug compounding combines, mixes or alters ingredients to create a medication tailored to a certain patient. A compounded drug is created when an FDA-approved drug can’t meet a patient’s needs.

The facility, which will employ 55 people, will expand DeliverIt’s offerings from specialty pharmacy and infusion services to advanced pharmaceutical manufacturing. In a press release, the City of Sugar Land says the facility reinforces the suburb’s status as a hub for life sciences and health care innovation.

DeliverIt, founded in 2010, already employs about 60 people.

The $1.3 million incentive, to be distributed over the course of 10 years, is being funded through the Sugar Land Development Corporation’s 4A sales tax program.

“The addition of a pharmaceutical manufacturing operation of this caliber reflects the type of targeted growth we want to see in Sugar Land,” Jennifer Alexander, business development manager for the City of Sugar Land, said in a news release. “Our focus on smart, strategic investment means supporting life sciences innovators in ways that maximize existing assets while driving long-term community prosperity.”

The current size of the U.S. drug-compounding market is estimated at $7.42 billion, and it’s projected to climb to $12.79 billion by 2035, according to Towards Healthcare Research and Consulting.

Drug compounding is gaining momentum due to increases in personalized medicine and personal treatment approaches, with growth being supported by aging populations and the rise of chronic illnesses, Towards Healthcare says.