Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston cell therapy company launches second-phase clinical trial

fighting cancer

A Houston cell therapy company has dosed its first patient in a Phase 2 clinical trial. March Biosciences is testing the efficacy of MB-105, a CD5-targeted CAR-T cell therapy for patients with relapsed or refractory CD5-positive T-cell lymphoma.

Last year, InnovationMap reported that March Biosciences had closed its series A with a $28.4 million raise. Now, the company, co-founded by Sarah Hein, Max Mamonkin and Malcolm Brenner, is ready to enroll a total of 46 patients in its study of people with difficult-to-treat cancer.

The trial will be conducted at cancer centers around the United States, but the first dose took place locally, at The University of Texas MD Anderson Cancer Center. Dr. Swaminathan P. Iyer, a professor in the department of lymphoma/myeloma at MD Anderson, is leading the trial.

“This represents a significant milestone in advancing MB-105 as a potential treatment option for patients with T-cell lymphoma who currently face extremely limited therapeutic choices,” Hein, who serves as CEO, says. “CAR-T therapies have revolutionized the treatment of B-cell lymphomas and leukemias but have not successfully addressed the rarer T-cell lymphomas and leukemias. We are optimistic that this larger trial will further validate MB-105's potential to address the critical unmet needs of these patients and look forward to reporting our first clinical readouts.”

The Phase 1 trial showed promise for MB-105 in terms of both safety and efficacy. That means that potentially concerning side effects, including neurological events and cytokine release above grade 3, were not observed. Those results were published last year, noting lasting remissions.

In January 2025, MB-105 won an orphan drug designation from the FDA. That results in seven years of market exclusivity if the drug is approved, as well as development incentives along the way.

The trial is enrolling its single-arm, two-stage study on ClinicalTrials.gov. For patients with stubborn blood cancers, the drug is providing new hope.

Elon Musk's SpaceX site officially becomes the city of Starbase, Texas

Starbase, Texas

The South Texas home of Elon Musk’s SpaceX rocket company is now an official city with a galactic name: Starbase.

A vote Saturday, May 3, to formally organize Starbase as a city was approved by a lopsided margin among the small group of voters who live there and are mostly Musk’s employees at SpaceX. With all the votes in, the tally was 212 in favor to 6 against, according to results published online by the Cameron County Elections Department.

Musk celebrated in a post on his social platform, X, saying it is “now a real city!”

Starbase is the facility and launch site for the SpaceX rocket program that is under contract with the Department of Defense and NASA that hopes to send astronauts back to the moon and someday to Mars.

Musk first floated the idea of Starbase in 2021 and approval of the new city was all but certain. Of the 283 eligible voters in the area, most are believed to be Starbase workers.

The election victory was personal for Musk. The billionaire’s popularity has diminished since he became the chain-saw-wielding public face of President Donald Trump’s federal job and spending cuts, and profits at his Tesla car company have plummeted.

SpaceX has generally drawn widespread support from local officials for its jobs and investment in the area.

But the creation of an official company town has also drawn critics who worry it will expand Musk’s personal control over the area, with potential authority to close a popular beach and state park for launches.

Companion efforts to the city vote include bills in the state Legislature to shift that authority from the county to the new town’s mayor and city council.

All these measures come as SpaceX is asking federal authorities for permission to increase the number of South Texas launches from five to 25 a year.

The city at the southern tip of Texas near the Mexico border is only about 1.5 square miles (3.9 square kilometers), crisscrossed by a few roads and dappled with airstream trailers and modest midcentury homes.

SpaceX officials have said little about exactly why they want a company town and did not respond to emailed requests for comment.

“We need the ability to grow Starbase as a community,” Starbase General Manager Kathryn Lueders wrote to local officials in 2024 with the request to get the city issue on the ballot.

The letter said the company already manages roads and utilities, as well as “the provisions of schooling and medical care” for those living on the property.

SpaceX officials have told lawmakers that granting the city authority to close the beach would streamline launch operations. SpaceX rocket launches and engine tests, and even just moving certain equipment around the launch base, requires the closure of a local highway and access to Boca Chica State Park and Boca Chica Beach.

Critics say beach closure authority should stay with the county government, which represents a broader population that uses the beach and park. Cameron County Judge Eddie Trevino, Jr. has said the county has worked well with SpaceX and there is no need for change.

Another proposed bill would make it a Class B misdemeanor with up to 180 days in jail if someone doesn’t comply with an order to evacuate the beach.

The South Texas Environmental Justice Network, which has organized protests against the city vote and the beach access issue, held another demonstration Saturday that attracted dozens of people.

Josette Hinojosa, whose young daughter was building a sandcastle nearby, said she was taking part to try to ensure continued access to a beach her family has enjoyed for generations.

With SpaceX, Hinojosa said, “Some days it’s closed, and some days you get turned away."

Organizer Christopher Basaldú, a member of the Carrizo/Comecrudo Nation of Texas tribe, said his ancestors have long been in the area, where the Rio Grande meets the Gulf.

“It’s not just important,” he said, “it’s sacred.”

Texas-based 'DoorDash for laundry' startup tumbles into Houston market

No Scrubs

Laundry may seem like an endless task that piles up, but a new service offers a solution to overwhelmed Houston families.

NoScrubs, an Austin-based home laundry pickup service has just expanded to Houston. Described by the company as "DoorDash — but for laundry," they wash customer's clothes at local laundromats and return them the same day, folded and ready to be put away.

The service took off like gangbusters in Austin, making an expansion to the state's largest city an obvious choice. It's not universal coverage just yet.

For now, only the following ZIP codes have NoScrubs service available: 77002, 77004, 77005, 77006, 77007, 77008, 77009, 77010, 77018, 77019, 77024, 77025, 77027, 77046, 77056, 77057, 77081, 77098, 77401, 77030, 77003.

A single pickup starts at $40 for 20 pounds of laundry, while the basic monthly subscription is $60 for two pickups. All services use hypoallergenic detergents.

The average American family spends about 240 hours a year on laundry, making it a very time-consuming chore. For people with disabilities, difficult work schedules, and other circumstances, it can be a real help, says co-founder Matt O'Connor.

"Some of our favorite customer stories simply revolve around saving people time when they have something challenging going on," he writes in an email. "For example, one customer reviewed NoScrubs saying 'So happy I could cry! (Partially because I'm pregnant and my emotions are heightened!)...1000% recommend if you have time restrictions or physical restrictions! ' So, whether it’s saving time, the affordability, or the pleasantly surprising turnaround time, NoScrubs has a variety of benefits for any customer."

NoScrubs is also a new opportunity for Houston's gig workers. Because there are no passengers, it can be a safer alternative to driving ride share for women and other people apprehensive about having strangers in their cars. As NoScrubs partners with local laundromats, drivers are also going to centralized locations rather than all over the map, leading to less wear and tear on their cars. The laundromats benefit as well, since NoScrubs loads are ones that would otherwise be done at home.

"Our model makes driving a tiny fraction of the time, so folks who don’t want to wear down their vehicles and spend a ton on gas love working at NoScrubs," added O'Connor.

View All Listings