Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston professor awarded $2.6M grant for retina, neurological research

seeing green

University of Houston College of Optometry Professor John O’Brien has received a $2.6 million grant from the National Eye Institute to continue his research on the retina and neurological functions.

O’Brien is considered a leading expert in retinal neuroscience with more than 20 years of research in the field. The new funding will allow O’Brien and his team to continue to study the dense assembly of proteins associated with electrical synapses, or gap junctions, in the retina.

Gap junctions transfer electrical signals between neurons. And the plasticity of gap junctions changes the strength of a synapse, in turn changing how visual information is processed. Previous research has shown that reduced functions of electrical synapses could be linked to autism, while their hyperfunction may lead to seizures.

“The research we propose will significantly advance our understanding of the molecular complexes that control the function of electrical synapses,” O’Brien said in a news release.

The team at UH will work to identify the proteins and examine how they impact electrical synapses. It is particularly interested in the Connexin 36, or Cx36, protein. According to O’Brien, phosphorylation of Cx36, a short-term chemical modification of the protein, serves as a key driver of plasticity. And the protein has been linked to refractive error development, which is one of the largest vision problems in the world today.

Additionally, OBrien’s research has shown that plasticity is essential for all-day vision, allowing the retina to adjust sensitivity and sharpen images. He has also built a catalog of the core set of proteins surrounding electrical synapses that are conserved across species. His research has been funded by the NEI since 2000.

5 minority-founded Houston startups shine as Innovation Awards finalists

Meet the Finalists

Houston is one of the most diverse cities in the nation, and that trend carries over into its innovation and startup ecosystem.

As part of the 2025 Houston Innovation Awards, our Minority-founded Businesses category will honor an innovative Houston startup founded or co-founded by BIPOC or LGBTQ+ representation.

Five minority-founded businesses have been named finalists for the 2025 award. The finalists, selected by our esteemed panel of judges, range from a wearable health tech device company to a clean chemical manufacturing business to a startup with a lunar mission.

Read more about these innovative businesses, their initiatives, and their inspirational founders below. Then join us at the Houston Innovation Awards on Nov. 13 at Greentown Labs, when the winner will be unveiled at our live awards ceremony.

Tickets are on now for this exclusive event celebrating all things Houston Innovation.

Capwell Services

Houston-based methane capture company Capwell Services works to eliminate vented oil and gas emissions economically for operators. According to the company, methane emissions are vented from most oil and gas facilities due to safety protocols, and operators are not able to capture the gas cost-effectively, leading operators to emit more than 14 million metric tons of methane per year in the US and Canada, equivalent to more than 400 million metric tons of CO2e per year. Founded in 2022, Capwell specializes in low and intermittent flow vents for methane capture.

The company began as a University of Pennsylvania senior design project led by current CEO Andrew Lane. It has since participated in programs with Greentown Labs and Rice Clean Energy Accelerator. The company moved to Houston in 2023 and raised a pre-seed round. It has also received federal funding from the DOE. Capwell is currently piloting its commercial unit with oil and gas operators.

Deep Anchor Solutions

Offshore energy consulting and design company Deep Anchor Solutions aims to help expedite the adoption of floating offshore energy infrastructure with its deeply embedded ring anchor (DERA) technology. According to the company, its patented DERA system can be installed quietly without heavy-lift vessels, reducing anchor-related costs by up to 75 percent and lifecycle CO2 emissions by up to 80 percent.

The company was founded in 2023 by current CEO Junho Lee and CTO Charles Aubeny. Lee earned his Ph.D. in geotechnical engineering from Texas A&M University, where Aubeny is a professor of civil and environmental engineering. The company has not raised VC funding, but has participated in numerous accelerators and incubators, including Greentown Labs, MassChallenge, EnergyTechNexus LiftOff and others. Lee is an Activate 2025 fellow.

Mars Materials

Clean chemical manufacturing business Mars Materials is working to convert captured carbon into resources, such as carbon fiber and wastewater treatment chemicals. The company develops and produces its drop-in chemical products in Houston and uses an in-licensed process for the National Renewable Energy Lab to produce acrylonitrile, which is used to produce plastics, synthetic fibers and rubbers. The company reports that it plans to open its first commercial plant in the next 18 months.

Founded in 2019 by CEO Aaron Fitzgerald, CTO Kristian Gubsch and lead engineer Trey Sheridan, the company has raised just under $1 million in capital and is backed by Bill Gates’ Breakthrough Energy, Shell, Black & Veatch and other organizations.

Torres Orbital Mining (TOM)

Space tech company Torres Orbital Mining aims to pioneer the sustainable extraction and processing of lunar regolith and designs and builds robotic systems for excavating, classifying, and delivering lunar material. The company aims to accelerate a permanent and ethical human presence on the Moon.

The company was founded this year by Luis Torres, a current MBA candidate at Rice Business.

Wellysis USA Inc.

Wellysis USA Inc. works to detect heart rhythm disorders with its continuous ECG/EKG monitor with AI reporting. Its S-Patch cardiac monitor is designed for extended testing periods of up to 14 days on a single battery charge. The device weighs only 9 grams, is waterproof and designed to be comfortable to wear, and is considered to have a high detection rate for arrhythmias. It is ideally suited for patient-centric clinical trials to help physicians make diagnoses faster, cheaper and more conveniently.

It was established in Houston in 2023 and participated in the JLABS SFF Program the same year. It closed a $12 million series B last year. It was founded by CEO Young Juhn, CTO Rick Kim, CFO JungSoo Kim and chief strategy officer JoongWoo Kim.

---

The Houston Innovation Awards program is sponsored by Houston Community College, Houston Powder Coaters, FLIGHT by Yuengling, and more to be announced soon. For sponsorship opportunities, please contact sales@innovationmap.com.

The Ion taps John Reale for startup and investor role

new hire

The Ion has named John "JR" Reale as its director for startups and investor engagement.

In his new role, Reale, a longtime leader in Houston’s startup ecosystem, will work to strengthen the innovation district's founder and investor network.

"Here’s what I’ve come to believe: the Ion is not just a building, not just a real estate play, and not just another innovation district. COVID, remote work, and shifting market dynamics changed the rules. Key ingredients like co-working, events, and community, while impactful, are no longer enough on their own," Reale shared on a LinkedIn post announcing the move. "What’s needed are advantages ... We need to intentionally design a system that repeatedly delivers advantages so founders can pull forward their visions."

Reale previously served as executive in residence and venture partner at TMC Venture Fund and co-founded Station Houston. He also serves as managing director of Integr8d Capital. He's an investor and serves on the board of directors for a number of venture-backed companies, including Cart.com, Lionguard and others.

The Ion will host "Today Is Day One – A conversation with John (JR) Reale" to welcome Reale to the role on Tuesday, Oct. 21. Reale will be joined at the event by Heath Butler, partner at Mercury, to discuss their thoughts on shaping Houston's founders ecosystem, as well as the Ion’s Founder Advantage Platform.

"On top of this connected architecture, we will build product. That product will be the Founder Advantage Platform to remove friction, compress time, and compound outcomes," Reale continued on LinkedIn. "This is the system that will drive repeatable experiences, and naturally, make these journeys so much more fun."

View All Listings