Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Axiom Space-tested cancer drug advances to clinical trials

mission critical

A cancer-fighting drug tested aboard several Axiom Space missions is moving forward to clinical trials.

Rebecsinib, which targets a cancer cloning and immune evasion gene, ADAR1, has received FDA approval to enter clinical trials under active Investigational New Drug (IND) status, according to a news release. The drug was tested aboard Axiom Mission 2 (Ax-2) and Axiom Mission 3 (Ax-3). It was developed by Aspera Biomedicine, led by Dr. Catriona Jamieson, director of the UC San Diego Sanford Stem Cell Institute (SSCI).

The San Diego-based Aspera team and Houston-based Axiom partnered to allow Rebecsinib to be tested in microgravity. Tumors have been shown to grow more rapidly in microgravity and even mimic how aggressive cancers can develop in patients.

“In terms of tumor growth, we see a doubling in growth of these little mini-tumors in just 10 days,” Jamieson explained in the release.

Rebecsinib took part in the patient-derived tumor organoid testing aboard the International Space Station. Similar testing is planned to continue on Axiom Station, the company's commercial space station that's currently under development.

Additionally, the drug will be tested aboard Ax-4 under its active IND status, which was targeted to launch June 25.

“We anticipate that this monumental mission will inform the expanded development of the first ADAR1 inhibitory cancer stem cell targeting drug for a broad array of cancers," Jamieson added.

According to Axiom, the milestone represents the potential for commercial space collaborations.

“We’re proud to work with Aspera Biomedicines and the UC San Diego Sanford Stem Cell Institute, as together we have achieved a historic milestone, and we’re even more excited for what’s to come,” Tejpaul Bhatia, the new CEO of Axiom Space, said in the release. “This is how we crack the code of the space economy – uniting public and private partners to turn microgravity into a launchpad for breakthroughs.”

Houston ranks No. 4 for HQ relocations and more innovation news to know

Trending News

Editor's note: The top recent Houston business and innovation news includes a high ranking for Houston HQs, an innovative exoskeleton designed for children with cerebral palsy, and incoming drones for Walmart delivery. Catch up on the 5 most-read InnovationMap stories from the latter half of June 2025 below:

1. Houston ranks among top 5 cities for corporate HQ relocations in new report

Houston attracted 31 new corporate headquarters from 2018 to 2024, according to a new report from CBRE. Photo via Getty Images

The Houston area already holds the title as the country’s third biggest metro hub for Fortune 500 headquarters, behind the New York City and Chicago areas. Now, Houston can tout another HQ accolade: It’s in a fourth-place tie with the Phoenix area for the most corporate headquarters relocations from 2018 to 2024.

During that period, the Houston and Phoenix areas each attracted 31 corporate headquarters, according to new research from commercial real estate services company CBRE. Continue reading.

2. Texas plugs in among states at highest risk for summer power outages in 2025

A new study puts Texas at No. 2 among the states most at risk for power outages this summer. Photo via Getty Images

Warning: Houston could be in for an especially uncomfortable summer.

A new study from solar energy company Wolf River Electric puts Texas at No. 2 among the states most at risk for power outages this summer. Michigan tops the list. Continue reading.

3. Houston team develops innovative soft skeleton for kids with cerebral palsy

UH BRAIN and TIRR Memorial Hermann have developed the MyoStep soft exoskeleton to address motor impairments caused by cerebral palsy. Photo courtesy UH.

A Houston team has introduced the MyoStep soft exoskeleton for children with cerebral palsy.

The soft skeleton aims to address motor impairments caused by cerebral palsy that impact children’s ability to participate in physical activities, self-care and academics. Continue reading.

4. CPRIT grants $22M to bring top cancer researchers to Houston

CPRIT recently granted $93 million to 61 organizations and scientists, including many in Houston, to advance cancer research. Carter Smith/Courtesy of MD Anderson

Several prominent cancer researchers are coming to the Houston area thanks to $22 million in grants recently awarded by the Cancer Prevention and Research Institute of Texas (CPRIT).

The biggest CPRIT recruitment grant — $6 million — went to genetics researcher Jean Gautier. Gautier, a professor of genetics and development at Columbia University’s Institute for Cancer Genetics, is joining the University of Texas MD Anderson Cancer Center to continue his research. Continue reading.

5. California company to launch Walmart drone delivery in Houston

California company to launch Walmart drone delivery in Houston

Walmart Supercenters in Houston will offer Wing drone delivery services by this time next year. Photo courtesy Wing.

California-based Wing will soon touch down in Houston.

The drone delivery company has partnered with Walmart Supercenters in Houston, Atlanta, Charlotte, Orlando and Tampa. According to a news release, Wing’s drone delivery services will be available at 100 Walmart stores across the selected markets by this time next year. Continue reading.

Chevron enters the lithium market with major Texas land acquisition

to market

Chevron U.S.A., a subsidiary of Houston-based energy company Chevron, has taken its first big step toward establishing a commercial-scale lithium business.

Chevron acquired leaseholds totaling about 125,000 acres in Northeast Texas and southwest Arkansas from TerraVolta Resources and East Texas Natural Resources. The acreage contains a high amount of lithium, which Chevron plans to extract from brines produced from the subsurface.

Lithium-ion batteries are used in an array of technologies, such as smartwatches, e-bikes, pacemakers, and batteries for electric vehicles, according to Chevron. The International Energy Agency estimates lithium demand could grow more than 400 percent by 2040.

“This acquisition represents a strategic investment to support energy manufacturing and expand U.S.-based critical mineral supplies,” Jeff Gustavson, president of Chevron New Energies, said in a news release. “Establishing domestic and resilient lithium supply chains is essential not only to maintaining U.S. energy leadership but also to meeting the growing demand from customers.”

Rania Yacoub, corporate business development manager at Chevron New Energies, said that amid heightening demand, lithium is “one of the world’s most sought-after natural resources.”

“Chevron is looking to help meet that demand and drive U.S. energy competitiveness by sourcing lithium domestically,” Yacoub said.

---

This article originally appeared on EnergyCapital.

View All Listings