Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Rice launches 'brain economy' initiative at World Economic Forum

brain health

Rice University has launched an initiative that will position “brain capital” as a key asset in the 21st century.

Rice rolled out the Global Brain Economy Initiative on Jan. 21 at the World Economic Forum in Davos, Switzerland.

“This initiative positions brain capital, or brain health and brain skills, at the forefront of global economic development, particularly in the age of artificial intelligence,” the university said in a news release.

The Rice-based initiative, whose partners are the University of Texas Medical Branch in Galveston and the Davos Alzheimer’s Collaborative, aligns with a recent World Economic Forum and McKinsey Health Institute report titled “The Human Advantage: Stronger Brains in the Age of AI,” co-authored by Rice researcher Harris Eyre. Eyre is leading the initiative.

“With an aging population and the rapid transformation of work and society driven by AI, the urgency has never been greater to focus on brain health and build adaptable human skills—both to support people and communities and to ensure long-term economic stability,” says Amy Dittmar, a Rice provost and executive vice president for academic affairs.

This initiative works closely with the recently launched Rice Brain Institute.

In its first year, the initiative will establish a global brain research agenda, piloting brain economy strategies in certain regions, and introducing a framework to guide financial backers and leaders. It will also advocate for public policies tied to the brain economy.

The report from the McKinsey Health Institute and World Economic Forum estimates that advancements in brain health could generate $6.2 trillion in economic gains by 2050.

“Stronger brains build stronger societies,” Eyre says. “When we invest in brain health and brain skills, we contribute to long-term growth, resilience, and shared prosperity.”

Rice Alliance and the Ion leader Brad Burke to retire this summer

lasting legacy

Brad Burke—a Rice University associate vice president who leads the Ion District’s Rice Alliance for Technology and Entrepreneurship and is a prominent figure in Houston’s startup community—is retiring this summer after a 25-year career at the university.

Burke will remain at the Rice Alliance as an adviser until his retirement on June 30.

“Brad’s impact on Rice extends far beyond any single program or initiative. He grew the Rice Alliance from a promising campus initiative into one of the most respected university-based entrepreneurship platforms,” Rice President Reginald DesRoches said in a news release.

During Burke’s tenure, the Rice Business School went from unranked in entrepreneurship to The Princeton Review’s No. 1 graduate entrepreneurship program for the past seven years and a top 20 entrepreneurship program in U.S. News & World Report’s rankings for the past 14 years.

“Brad didn’t just build programs — he built an ecosystem, a culture, and a reputation for Rice that now resonates around the world,” said Peter Rodriguez, dean of the business school. “Through his vision and steady leadership, Rice became a place where founders are taken seriously, ideas are rigorously supported, and entrepreneurship is embedded in the fabric of the university.”

One of Burke’s notable achievements at Rice is the creation of the Rice Business Plan Competition. During his tenure, the competition has grown from nine student teams competing for $10,000 into the world’s largest intercollegiate competition for student-led startups. Today, the annual competition welcomes 42 student-led startups that vie for more than $1 million in prizes.

Away from Rice, Burke has played a key role in cultivating entrepreneurship in the energy sector: He helped establish the Energy Tech Venture Forum along with Houston Energy and Climate Startup Week.

Furthermore, Burke co-founded the Texas University Network for Innovation and Entrepreneurship in 2008 to bolster the entrepreneurship programs at every university in Texas. In 2016, the Rice Alliance assumed leadership of the Global Consortium of Entrepreneurship Centers.

In 2023, Burke received the Trailblazer Award at the 2023 Houston Innovation Awards and was recognized by the Deshpande Foundation for his contributions to innovation and entrepreneurship in higher education.

“Working with an amazing team to build the entrepreneurial ecosystem at Rice, in Houston, and beyond has been the privilege of my career,” Burke said in the release. “It has been extremely gratifying to hear entrepreneurs say our efforts changed their lives, while bringing new innovations to market. The organization is well-positioned to help drive exponential growth across startups, investors, and the entrepreneurial ecosystem.”

Starting April 15, John “JR” Reale Jr. will serve as interim associate vice president at Rice and executive director of the Rice Alliance. He is managing director of the alliance. Reale is co-founder of the Station Houston startup hub and a startup investor. He was also recently named director for startups and investor engagement at the Ion.

“The Rice Alliance has always been about helping founders gain advantages to realize their visions,” Reale said. “Under Brad’s leadership, the Rice Alliance has become a globally recognized platform that is grounded in trust and drives transformational founder outcomes. My commitment is to honor what Brad has built and led while continuing to serve our team and community, deepen relationships and deliver impact.”

Burke joined the Houston Innovators Podcast back in 2022. Listen to the full interview here.

Houston team uses CPRIT funding to develop nanodrug for cancer immunotherapy

cancer research

With a relative five-year survival rate of 50 percent, pancreatic cancer is a diagnosis nobody wants. At 60 percent, the prognosis for lung cancer isn’t much rosier. That’s because both cancers contain regulatory B cells (Bregs), which block the body’s natural immunity, making it harder to fight the enemies within.

Newly popular immunotherapies in a category known as STING agonists may stimulate natural cancer defenses. However, they can also increase Bregs while simultaneously causing significant side effects. But Wei Gao, assistant professor of pharmacology at the University of Houston College of Pharmacy, may have a solution to that conundrum.

Gao and her team have developed Nano-273, a dual-function drug, packaged in an albumin-based particle, that boosts the immune system to help it better fight pancreatic and lung cancers. Gao’s lab recently received a $900,000 grant from the Cancer Prevention and Research Institute of Texas (CPRIT) to aid in fueling her research into the nanodrug.

“Nano-273 both activates STING and blocks PI3Kγ—a pathway that drives Breg expansion, while albumin nanoparticles help deliver the drug directly to immune cells, reducing unwanted side effects,” Gao said in a press release. “This approach reduces harmful Bregs while boosting immune cells that attack cancer, leading to stronger and more targeted anti-tumor responses.”

In studies using models of both pancreatic and lung cancers, Nano-273 has shown great promise with low toxicity. Its best results thus far have involved using the drug in combination with immunotherapy or chemotherapy.

With the CPRIT funds, Gao and her team will be able to charge closer to clinical use with a series of important steps. Those include continuing to test Nano-273 alongside other drugs, including immune checkpoint inhibitors. Safety studies will follow, but with future patients in mind, Gao will also work toward improving her drug’s production, making sure that it’s safe and high-quality every time, so that it is eventually ready for trials.

Gao added: “If successful, this project could lead to a new type of immunotherapy that offers lasting tumor control and improved survival for patients with pancreatic and lung cancers, two diseases that urgently need better treatments."

View All Listings