Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

$12M pharmaceutical manufacturing facility to be built in Sugar Land

coming soon

A nearly $12 million drug manufacturing facility is coming to Sugar Land.

City leaders in Sugar Land recently approved a $1.3 million performance-based incentive for DeliverIt Group, a Sugar Land-based provider of specialty pharmacy, infusion therapy and clinical care services, for the development of the 60,000-square-foot facility.

The facility, which will be registered with the U.S. Food and Drug Administration (FDA), will compound medication. The process of drug compounding combines, mixes or alters ingredients to create a medication tailored to a certain patient. A compounded drug is created when an FDA-approved drug can’t meet a patient’s needs.

The facility, which will employ 55 people, will expand DeliverIt’s offerings from specialty pharmacy and infusion services to advanced pharmaceutical manufacturing. In a press release, the City of Sugar Land says the facility reinforces the suburb’s status as a hub for life sciences and health care innovation.

DeliverIt, founded in 2010, already employs about 60 people.

The $1.3 million incentive, to be distributed over the course of 10 years, is being funded through the Sugar Land Development Corporation’s 4A sales tax program.

“The addition of a pharmaceutical manufacturing operation of this caliber reflects the type of targeted growth we want to see in Sugar Land,” Jennifer Alexander, business development manager for the City of Sugar Land, said in a news release. “Our focus on smart, strategic investment means supporting life sciences innovators in ways that maximize existing assets while driving long-term community prosperity.”

The current size of the U.S. drug-compounding market is estimated at $7.42 billion, and it’s projected to climb to $12.79 billion by 2035, according to Towards Healthcare Research and Consulting.

Drug compounding is gaining momentum due to increases in personalized medicine and personal treatment approaches, with growth being supported by aging populations and the rise of chronic illnesses, Towards Healthcare says.

XSpace plans $250M industrial condo expansion with RAFA Racing Club

growth mode

Houston-based XSpace Group has teamed up with two other Houston companies, RAFA Racing Club and Maximo Capital, to develop five industrial condo projects that pair flex space and high-end car storage space with a members-only clubhouse for motorsports enthusiasts.

The five projects will be built in the Dallas-Fort Worth; Miami-Boca Raton; Charlotte-Mooresville, North Carolina; Phoenix-Scottsdale; and Los Angeles markets. Other markets, including Las Vegas, are under consideration for future phases.

XSpace says the initial five-project venture will generate estimated sales of $250 million. Condos will be available to rent or own.

The ground floor of each project will feature a RAFA Racing Club Social & Performance Centre, a members-only clubhouse, event space and lifestyle hub. The remaining floors will offer space for car storage, collectibles, offices and studios. RAFA will operate the ground floor of each building.

“Our goal from day one with RAFA Racing has been to connect people through a shared love of performance and community,” Rafael Martinez, founder of RAFA Racing Club and principal of Maximo Capital, said in a news release. “By pairing XSpace’s forward-thinking condominium design with the exclusive hospitality, networking and high-performance environment of a RAFA Racing Club clubhouse, we’re establishing a community blueprint where passion meets community.”

Each clubhouse will offer:

  • Lounges
  • Dining, working and networking spaces
  • Concierge service
  • Driving simulators
  • Fitness and conditioning capabilities

“We’re building the most valuable community-driven real estate product in America — and RAFA Racing Club is the anchor that makes it unlike anything else on the market," Byron Smith, founder of XSpace, added in a release. “By integrating our flexible, high-end industrial condominiums with RAFA’s world-class hospitality and automotive community spaces, we are completely redefining what commercial real estate can be for the motorsports enthusiast.”

RAFA operates facilities for motorsports fans in Houston and Austin. The clubs, geared toward wealthy people, entrepreneurs, executives, and brand partners, combine a clubhouse, garage, paddock (racing’s version of a locker room), a “human performance” center and driver training programs.

RAFA plans to open seven clubs in the U.S. and three outside the U.S. over the next four years.

XSpace operates a high-end office, warehouse, and lifestyle condo project in Austin and is building a project in Houston that’s set to open in 2027.

Walmart expands drone delivery service to 8 new Houston-area stores

Now Landing

More Walmart delivery drones are now buzzing around Houston-area skies.

In January, Walmart launched its drone delivery service in partnership with Wing at five locations in the Houston area. The retail giant just added eight more stores to its Houston-area drone delivery network.

Wing says the expansion makes drone delivery available to more than 1 million residents of the Houston area. “Many can now bypass notorious Houston traffic to get everyday Walmart essentials delivered by drone in minutes,” Wing said in a release.

The eight Walmart stores that joined the drone delivery network are:

  • 13003 Tomball Pkwy. Houston
  • 12353 FM 1960 Rd. West, Houston
  • 2901 Riley Fuzzel Rd., Spring
  • 20310 U.S. Highway 59, New Caney
  • 1025 Sawdust Rd., Spring, TX 77380
  • 13484 Northwest Fwy., Houston, TX
  • 13750 East Fwy., Houston
  • 3506 Highway 6 South, Houston

Stores where drone delivery was already available are:

  • 14215 FM 2100 Rd., Crosby
  • 1313 N. Fry Rd., Katy
  • 15955 FM 529 Rd., Houston
  • 255 FM 518, Kemah
  • 6060 N. Fry Rd., Katy

Houstonians can learn whether their address is eligible for drone delivery from a Walmart store by visiting wing.com/walmart. Drone-delivered orders can be placed on the Walmart app, the Wing app, or at Walmart.com.

Once an order is ready, it’s loaded onto a delivery drone. The drone then flies up to 60 mph and at a cruising altitude of about 150 feet to reach the customer’s home. The average flight takes less than 5 minutes.

Once it arrives at the customer’s home, the drone stops, hovers at roughly 23 feet, and lowers the order via a tether. Wing says its drones gently lower orders to the ground to protect fragile items like eggs and coffee.

---

This article originally appeared on CultureMap.com.