Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston VC funding surged in 2024, fueled by major Q4 activity

by the numbers

The venture capital haul for Houston-area startups jumped 23 percent from 2023 to 2024, according to the latest PitchBook-NVCA Venture Monitor.

The fundraising total for startups in the region climbed from $1.49 billion in 2023 to $1.83 billion in 2024, PitchBook-NVCA Venture Monitor data shows.

Roughly half of the 2024 sum, $914.3 million, came in the fourth quarter. By comparison, Houston-area startups collected $291.3 million in VC during the fourth quarter of 2023.

Among the Houston-area startups contributing to the impressive VC total in the fourth quarter of 2024 was geothermal energy startup Fervo Energy. PitchBook attributes $634 million in fourth-quarter VC to Fervo, with fulfillment services company Cart.com at $50 million, and chemical manufacturing platform Mstack and superconducting wire manufacturer MetOx International at $40 million each.

Across the country, VC deals total $209 billion in 2024, compared with $162.2 billion in 2023. Nearly half (46 percent) of all VC funding in North America last year went to AI startups, PitchBook says. PitchBook’s lead VC analyst for the U.S., Kyle Stanford, says that AI “continues to be the story of the market.”

PitchBook forecasts a “moderately positive” 2025 for venture capital in the U.S.

“That does not mean that challenges are gone. Flat and down rounds will likely continue at higher paces than the market is accustomed to. More companies will likely shut down or fall out of the venture funding cycle,” says PitchBook. “However, both of those expectations are holdovers from 2021.”

Houston space company lands latest NASA deal to advance lunar logistics

To The Moon

Houston-based space exploration, infrastructure, and services company Intuitive Machines has secured about $2.5 million from NASA to study challenges related to carrying cargo on the company’s lunar lander and hauling cargo on the moon. The lander will be used for NASA’s Artemis missions to the moon and eventually to Mars.

“Intuitive Machines has been methodically working on executing lunar delivery, data transmission, and infrastructure service missions, making us uniquely positioned to provide strategies and concepts that may shape lunar logistics and mobility solutions for the Artemis generation,” Intuitive Machines CEO Steve Altemus says in a news release.

“We look forward to bringing our proven expertise together to deliver innovative solutions that establish capabilities on the [moon] and place deeper exploration within reach.”

Intuitive Machines will soon launch its lunar lander on a SpaceX Falcon 9 rocket to deliver NASA technology and science projects, along with commercial payloads, to the moon’s Mons Mouton plateau. Lift-off will happen at NASA’s Kennedy Space Center in Florida within a launch window that starts in late February. It’ll be the lander’s second trip to the moon.

In September, Intuitive Machines landed a deal with NASA that could be worth more than $4.8 billion.

Under the contract, Intuitive Machines will supply communication and navigation services for missions in the “near space” region, which extends from the earth’s surface to beyond the moon.

The five-year deal includes an option to add five years to the contract. The initial round of NASA funding runs through September 2029.

Play it back: Houston home tech startup begins 2025 with fresh funding

HOUSTON INNOVATORS PODCAST EPISODE 272

One of the dozen or so Houston startups kicking of the new year with fresh funding is SmartAC.com, a company that's designed a platform that enables contractors in the HVAC and plumbing industries to monitor, manage, and optimize their maintenance memberships through advanced sensors, AI-driven diagnostics, and proactive alerts.

Last month, the SmartAC.com raised a follow-on round with support from local investor Mercury to continue growth and expansion of the product, which has evolved on many ways since the company launched in 2020, emerging from stealth with $10 million raised in a series A. In a May 2023 interview for the Houston Innovators Podcast, Founder and CEO Josh Teekell explained how he embraced the power of a pivot.

The company's sensors can monitor all aspects of air conditioning units and report back any issues, meaning homeowners have quicker and less costly repairs. While SmartAC.com started with providing the service and tech to homeowners directly, Teekell says he's had a greater interest in working with plumbers and HVAC companies who then deploy the technology to their customers.

"It became quite evident that homeowners don't care about air conditioning really at all until their system breaks," Teekell says on the show. "The technology is really built around giving those contractors as another way to gain a customer relationship and keep it."

Revisit the podcast episode below where Teekell talks about SmartAC.com's last raise.

SmartAC.com's previous round in 2023 — a $22 million series B — was used grow its team that goes out to deploy the technology and train the contractors on the platform.

"We've been very fortunate to get some of the biggest names in Houston on our cap table," Teekell says in the May 2023 conversation. "Since we're raising a bunch of money locally, everyone understands what a pain air conditioning can be."

View All Listings