
As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can be overwhelming for most of us to keep up with or understand the new intricacies of technology, and it is easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect their data with the same rigor as their financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check whether the law imposes a duty on you to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure the vendor is actually processing data the way the Data Processing Addendum says it is. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software-as-a-service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place, because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to be tested regularly.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? What about firewalls, intrusion prevention systems, and endpoint detection and response? Do you and your vendors have incident response plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is a partner at Frost Brown Todd. Lauren Cole is an associate at Frost Brown Todd.


Texas universities develop innovative open-source platform for cell analysis

picture this

What do labs do when faced with large amounts of imaging data? Powerful cloud computing systems have long been the answer to that question, but a new riposte comes from SPACe.

That’s the name of a new open-source image analysis platform designed by researchers at Baylor College of Medicine, Texas A&M University and the University of Houston.

SPACe, or Swift Phenotypic Analysis of Cells, was created to be used on standard computers that even small labs can access, meaning cellular analysis using images produced through cell painting has a lower barrier to entry than ever before.

“The pharmaceutical industry has been accustomed to simplifying complex data into single metrics. This platform allows us to shift away from that approach and instead capture the full diversity of cellular responses, providing richer, more informative data that can reveal new avenues for drug development,” says Michael Mancini, professor of molecular and cellular biology and director of the Gulf Coast Consortium Center for Advanced Microscopy and Image Informatics, co-located at Baylor College of Medicine and TAMU Institute for Bioscience and Technology.

SPACe is not only accessible because of its less substantial computational needs. Because the platform is open-source, it’s available to anyone who needs it. And it can be used by academic and pharmaceutical researchers alike.

“The platform allows for the identification of non-toxic effects of drugs, such as alterations in cell shape or effects on specific organelles, which are often overlooked by traditional assays that focus largely on cell viability,” says Fabio Stossi, currently a senior scientist with St. Jude Children’s Research Hospital, the lead author who was at Baylor during the development of SPACe.

The platform is a better means than ever of analyzing thousands of individual cells through automated imaging platforms, thereby better capturing the variability of biological processes. Through that, SPACe allows scientists an enhanced understanding of the interactions between drugs and cells, and does it on standard computers, translating to scientists performing large-scale drug screenings with greater ease.

“This tool could be a game-changer in how we understand cellular biology and discover new drugs. By capturing the full complexity of cellular responses, we are opening new doors for drug discovery that go beyond toxicity,” says Stossi.

And the fact that it’s open-source allows scientists to access SPACe for free right now. Researchers interested in using the platform can access it through GitHub at github.com/dlabate/SPACe. This early version could already make waves in research, but the team also plans to continually improve their product with the help of collaborations with other institutions.

The Ion names new coworking partner for Houston innovation hub

Where to Work

Rice University subsidiary Rice Real Estate Co. has tapped coworking company Industrious as the new operator of the Ion’s 86,000-square-foot coworking space in Midtown. Industrious replaces WeWork-owned Common Desk in that role.

The Ion, owned by Rice Real Estate and located at 4201 Main St., is a 266,000-square-foot office building and innovation hub in the 16-acre Ion District.

Features of the coworking space include private suites and offices, dedicated desks, phone booths and conference rooms. In 2022, Common Desk said it was expanding the space by 28,000 square feet, bringing it to the current size.

“(Industrious’) unparalleled expertise in delivering quality, hospitality-driven workspaces complements our vision of creating a world-class ecosystem where entrepreneurs, corporations, and academia converge to drive innovation forward,” Ken Jett, president of Rice Real Estate, said in a statement.

Natalie Levine, senior manager of real estate at Industrious, says her company will work with Rice Real Estate “to continue to position the Ion as an invaluable contributor to the growth of Houston’s innovation community.”

Dallas-based commercial real estate services company CBRE said Jan. 14 that it had agreed to acquire Industrious in a deal valued at $400 million.

The Ion is Industrious’ second location in Houston. The company’s other local coworking space is at 1301 McKinney St.

Office tenants at the Ion include Occidental Petroleum, Fathom Fund, Activate, Carbon Clean, Microsoft and Chevron Technology Ventures.