Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston startup’s brain implant for depression advances to clinical trial

moving forward

Houston-based Motif Neurotech has received FDA approval to move forward with its first clinical trial for its innovative way to fight treatment-resistant depression and other mental health disorders.

The company has developed a brain-computer interface technology based on research from Rice University. The blueberry-sized, wirelessly powered implantable device known as the Digitally-programmable Over-brain Therapeutic (DOT) stimulator delivers electrical stimulation to brain circuits linked to depression. The DOT stimulator sits in the skull above the dura without touching the brain and is considered an alternative to transcranial magnetic stimulation, which requires multiple treatment sessions and can cause headaches.

“The goal for this technology is that it would be the mental health equivalent of a continuous glucose monitor for diabetes,” Jacob Robinson, a Rice University professor of electrical computer engineering and bioengineering and CEO of Motif Neurotech, said in a news release. “What has been really special for me personally on this journey is to be able to work all the way from a concept through the process of research and development funded by the federal government at Rice, and take that into a product that is going to affect people’s lives for the better.”

Eligible adults whose depression has not improved after trying multiple therapies can take part in the study. The clinical trial will be conducted in collaboration with Baylor College of Medicine, Brain Health Consultants (Houston), UT Health Houston, Massachusetts General Brigham, Emory Healthcare, University of Iowa, University of Utah Health and New York University, according to Rice.

Motif also announced that it was one of the first teams selected for ARPA-H’s EVIDENT initiative, which recently awarded up to $139.4 million to spur new, effective therapies for behavioral health. Through the initiative, Motif will collect additional data alongside its clinical trial.

“The idea with this funding is to support a number of teams who have rapid-acting interventions for a mental health condition and to collect additional data to help determine with greater precision whether a treatment is working, how it is working and which patients are benefitting most from which course of treatment,” Robinson added in the release.

Motif Neurotech was spun out of Robinson’s and Professor Kaiyuan Yang’s labs at Rice, along with collaborators and co-founders Dr. Sameer Sheth at Baylor College of Medicine and Dr. Sunil Sheth at the University of Texas Health Science Center at Houston. It was founded through the Rice Biotech Launch Pad. The company closed its Series A round with an oversubscribed $18.75 million last year.

New immersive experience Time Mission clocks into Houston this summer

It's Time

Time for a new immersive experience to come to Houston: Time Mission, a kid-friendly, team-based adventure, is scheduled to land at the Marq-E Entertainment District in summer 2026.

Created by LOL Entertainment, a location-based entertainment company specializing in immersive attractions, Time Mission blends physical and mental challenges in a fast-paced experience, a release says. Players take on real-world tasks like cracking codes, dodging lasers, solving riddles, and exploring hidden tunnels to earn points for their team.

Racing through 25-plus unique portals, teams of two to five players embark on a time-travel journey across the past, present, and future, all while collecting points and battling the clock. The website says the attraction is appropriate for "players age 6 to 106."

“We’ve seen a shift in how people seek entertainment, choosing immersive adventures that foster connection and excitement," says Rob Cooper, CEO of LOL Entertainment, in the release. "We’re excited to introduce [Texas] to an experience where strategy, innovation, and teamwork collide."

There are currently Time Mission locations in Pennsylvania, New York, Rhode Island, Virginia, Illinois, and Belgium. Dallas will be the first Texas location, followed by Houston.

Immersive attractions have been popular in Houston for several years, from Meow Wolf just north of downtown to interactive experiences dedicated to balloons and more.

Time Mission will be located in a 10,000-square-foot space at the Marq-E Entertainment District (7620 Katy Fwy., Ste. 355). The exact opening date will be announced at a later time.

---

This article originally appeared on CultureMap.com.

7+ can't-miss Houston business and innovation events in May

where to be

Editor’s note: Houston is living up to its nicknames as Space City and the Energy Capital of the World this month with a lineup of insightful talks, pitch days and industry conferences. Plus, there are opportunities to network over crawfish, learn about brain health and more. Here’s what not to miss and how to register. Please note: this article may be updated to add more events.

May 7 – Ion Block Party and Crawfish Boil

Head to this special edition Block Party, featuring a crawfish cook-off competition among the Ion’s businesses. Competing teams include Transwestern, Microsoft, Rice Alliance, Rice Nexus, South Main Baptist, Per Scholas, Industrious and many others. Taste test crawfish while supplies last, and sip a complimentary drink from Second Draught.

This event is Thursday, May 7, from 4-7 p.m. at the Ion. Register here.

May 12 – Why the Next Decade of Breakthrough Brain Tech Matters For You, and What to Do About It

Hear from Matias Serebrinsky, co-founder and general partner of San Francisco-based PsyMed Ventures, at this talk presented by EO Houston. Serebrinsky will discuss why founders are disproportionately affected by brain health issues and look at breakthrough brain and mental health tech.

This event is Tuesday, May 12, from 11:20 a.m.-1 p.m. at Tony's on Richmond Avenue. Register here.

May 18-19 — Geothermal Transition Summit North America

This two-day summit serves as the meeting point for the geothermal and oil and gas industries and will focus on geothermal energy, including scaling plants and navigating state regulations. The event promises 40 expert speakers, 15 exhibition spaces, and networking opportunities with 250 industry decision makers.

This event begins May 18 at Norris Conference Center. Register here.

May 19 – IOT Innovation Day

IoT Innovation Day will present a series of fast‑paced, 15‑minute tech talks focused on the future of connected devices. These sessions feature insights from founders, engineers, product innovators and industry leaders. Attendees are also invited to sign up to present their own tech talk showcasing their expertise, startup or solution.

This event is Tuesday, May 19, from 10 a.m.-6 p.m. Register here.

May 20-21 — ESF North America

ESF North America returns for its 5th edition, under the theme of “innovation and adaptation.” Attendees will explore how technology, innovation, and collaboration can drive a resilient, competitive refining and chemicals industry.

This event begins May 20 at The Westin Oaks Houston at the Galleria. Register here.

May 21 – AI + Energy Sector Pitch Day

Hear from startups powering the AI boom or using AI to support the energy transition at Greentown's latest installment of its Sector Pitch Day series. Brian Walker, program manager for emerging technologies in the U.S. Department of Energy’s Building Technologies Office, will present the keynote address. Six Greentown startups will present pitches, as well as others from IMPEL, a DOE tech-to-market program, and more. Stick around for a networking happy hour.

This event is Thursday, May 21, from 1:30-6:30 p.m. at the Ion. Register here.

May 28 – NASA Stories at the Ion: A Conversation with NASA’s Artemis II Orion Vehicle Manager Branelle Rodriguez

NASA’s Artemis II Orion Vehicle Manager Branelle Rodriguez will discuss what it took to ready the spacecraft for its mission and return to Earth at this special installment of NASA Stories. Rodriguez will share insights on Orion’s high-speed reentry, the views of the Moon and Earth witnessed by the crew, and what’s next for Orion on NASA’s upcoming Artemis missions in 2027 and 2028. Complimentary breakfast and networking take place before each talk.

This event Thursday, May 28, from 8:30-10 a.m. at the Ion. Register here.

May 28 – NASA Tech Talks: Texas-France Space Hub Business Accelerator Initiative

NASA Tech Talks is partnering with the Rice Space Institute (RSI) this month to host the second cohort of the Texas-France Space Hub in Houston. The hub aims to unite academic institutions and private enterprises to expand commercial space presence in both countries. Startups from the hub will present during the event, followed by drinks and networking at Second Draught.

This event Thursday, May 28, from 6-7 p.m. at the Ion. Register here.

View All Listings