Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

New Houston-born app OpenToBites connects users over meals in 16 cities

Friends and Food

A Houston-born social is connecting foodies and social butterflies for shared meals. OpenToBites launched on Android on June 18 and iOS on June 22, and is available to use for free in Houston and beyond.

Founded and operated by Houston developer Kelvin John, OpenToBites allows users to connect over meals in 16 cosmopolitan cities. That includes Austin and Houston in Texas, plus other American cities like Denver and New York, and even international destinations including Paris, Tokyo, and Sydney.

The app is built on a simple concept, and a press release emphasizes that it's for anyone who wants "friendly company."

“We built OpenToBites in response to several trends, including the rise of solo travel and the demand for social experiences that don’t feel like dating, networking, or large organized events,” said a spokesperson in the release. “We are not a dating app. We are offering shared food and conversation for people who want simple, in-person meal company in a public setting.”

When signing up, users provide their first name, an optional profile photo, and a short bio. They mark themselves as a traveler, a local, or both, and have the option to select their age range or opt out.

Once a profile is created, the user can search for existing meals or create a meal happening within the next 72 hours. To find an existing meal to join as a guest, they select the city, date, and apply filters for the number of seats, type of cuisine, and whether they want to share food with the table or order their own.

Since someone has to get the party started, users can also take the initiative to start a meal as a host. They'll choose the date, time, and restaurant — anything is on the menu, as long as they can link to the restaurant on Google Maps or its own website.

This divides users into "host" and "guest." Guests request to join a table, and a host can decide to accept the request or not. Guests aren't able to see the exact restaurant until their request is accepted, so hosts have a "helpful note" field to fill out with more information about the restaurant.

A similar app called Timeleft launched in Austin in 2024, acting as a friendship matchmaker for small groups of strangers who answer personality questions, meet at a restaurant for dinner, and decide if they wanted to stay in touch.

Though OpenToBites has a similar concept, it seems to work more like Couchsurfing, an app that connects travelers on their own terms. OpenToBites also emphasizes the immediate over the long-term — the meal itself is the social goal.

OpenToBites is available for free on the App Store and Play Store; the app plans to grow each current city's user base before adding new locations.

---

This article originally appeared on CultureMap.com.

Houston mental health nonprofit expands platform statewide to connect more Texans with care

access granted

As mental health conversations evolve, the necessary pivot becomes how organizations across Texas navigate improved ways to help people access the care they need before their challenges become crises.

That’s why Mental Health America of Greater Houston recently announced that it is expanding its Care Connect platform statewide.

The expansion will address perhaps the most persistent barrier to behavioral healthcare—helping people find and navigate services that already exist.

Care Connect’s extended reach comes at a time when more than 3.5 million adults in the state live with some kind of mental health condition and scores of those in need continue to struggle with accessing care despite the growing awareness of mental health needs.

According to President and CEO Renae Vania Tomczak, Care Connect’s main goal was to remove as many obstacles as possible that Texans face when seeking mental health support.

“Care Connect was about a two-year planning process,” Tomczak says. “It really began with asking what challenges people in the Greater Houston Area were facing regarding mental health. It’s not just accessing care, but the difficulty in navigating the mental healthcare system.”

While provider shortages remain a challenge in some communities, Mental Health America of Greater Houston found that many individuals and families struggle simply to determine where to turn, how to identify the right provider and whether services are affordable.

“We wanted to make it easier for people who have questions, who may never have had a mental health challenge before, or they’re a caregiver for somebody who has a mental health issue,” Tomczak says. “We wanted to be the place that people can come to get their questions answered and be connected to care.”

Care Connect combines a vetted network of more than 1,000 providers and services across Texas with personalized navigation support.

Searches generate care results based on insurance coverage, language preferences, ZIP code and clinical specialties.

Additionally, one-on-one guidance and follow-up support are provided by bilingual resource specialists.

The platform also seeks to address affordability, one of the most significant barriers to mental healthcare access. Through participating providers, eligible individuals can receive six to eight counseling sessions at no cost.

“We have several providers who are willing to provide six to eight counseling sessions at no cost for people who do not have the means to pay for services themselves,” Tomczak says.

When provider matches are unavailable, the organization can connect individuals with master’s-level mental health professionals working under the supervision of licensed clinicians.

The statewide rollout builds on the platform’s early success in the Houston region, where it has helped thousands of individuals connect with mental health resources since launching last fall.

According to Tomczak, the decision to expand was driven in part by growing demand from outside the organization’s traditional service area.

“Last month we decided to take this program statewide,” she says. “It’s not just Houston that can use help in connecting to appropriate mental health services, but the whole state.”

The Care Connect program’s promotion through healthcare providers, community organizations and public-sector partners across Texas is now one of Mental Health America of Greater Houston’s top priorities.

Their goal is to create a stronger referral ecosystem that ultimately helps those who need access to mental health care more quickly.

To facilitate that, the organization has also added free mental health screenings to its website so that users will better identify any symptoms related to anxiety, depression and other conditions.

“Once they do that, then where do they go?” Tomczak says. “They’re not sure who to call and who can help them. At that point, we hope they’ll call us and talk to somebody live who can answer their questions and help them get started on the right path to improving their mental health.”

With eyes on the future, Tomczak believes public understanding of mental health has improved in recent years, particularly following the COVID-19 pandemic, which brought new attention to the effects of stress, isolation and uncertainty.

“The more we talk about it and have the opportunity to share that mental health conditions are traceable, the better,” she says.

According to Tomczak, long-term, Care Connect aims to reduce roadblocks that exist between recognizing the need for help and receiving it.

Ultimately, Care Connect hopes to create a robustly connected behavioral health system that gives Texans the ability to access mental health services swiftly and with confidence.

“No one should have to navigate mental health challenges alone,” Tomczak adds. “Care Connect is here to help connect people with resources, services and answers to ensure they get the care they need to take the next step toward better mental health.”