
As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can be overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can be easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect their data with the same rigor as their financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check whether the law gives you a duty to protect the compromised information, as many laws do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that the vendor is actually processing data the way the Data Processing Addendum says it is. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software-as-a-service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place, because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? What about firewalls, intrusion prevention systems, and endpoint detection and response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is a partner at Frost Brown Todd. Lauren Cole is an associate at Frost Brown Todd.


Mark Cuban calls AI ‘the greater democratizer’ for young entrepreneurs

eyes on AI

Texas billionaire Mark Cuban—whose investment portfolio includes Houston-based Holliball, a startup that makes and sells large inflatable holiday ornaments—believes AI is leveling the playing field for budding low-income entrepreneurs.

At the recent Clover x Shark Tank Summit in Las Vegas, the Shark Tank alum called AI “the greater democratizer.”

Cuban told Axios that free and low-cost AI tools enable disadvantaged teenagers to compete with seasoned professionals.

“Right now, if you’re a 14- to 18-year-old and you’re in not-so-good circumstances, you have access to the best professors and the best consultants,” Cuban said. “It allows people who otherwise would not have access to any resources to have access to the best resources in real time. You can compete with anybody.”

While Cuban believes AI is “the great democratizer” for low-income young people, low-income workers still face hurdles in navigating the AI landscape, according to Public Works Partners, an urban planning and consulting firm. The firm says access to AI among low-income workers may be limited due to cost, insufficient digital literacy and infrastructure gaps.

“Without adequate resources and training, these workers may struggle to adapt to AI-driven workplaces or access the educational opportunities necessary to acquire new skills,” Public Works Partners said.

Texas 2036, a public policy organization focused on the state’s future, reported in January that AI jobs in Texas are projected to grow 27 percent over the next decade. The number 2036 refers to the year when Texas will celebrate its bicentennial.

As for the current state of AI, Cuban said he doesn’t think the economy is witnessing an AI bubble comparable to the dot-com bubble, which lasted from 1998 to 2000.

“The difference is, the improvement in technology basically slowed to a trickle,” Cuban said of the dot-com era. “We’re nowhere near the improvement in technology slowing to a trickle in AI.”

CPRIT hires MD Anderson official as chief cancer prevention officer

new hire

The Austin-based Cancer Prevention and Research Institute of Texas, which provides funding for cancer research across the state, has hired Ruth Rechis as its chief prevention officer. She comes to CPRIT from Houston’s University of Texas MD Anderson Cancer Center, where she led the Cancer Prevention and Control Platform.

Before joining MD Anderson, Rechis was a member of the executive leadership team at the Livestrong Foundation, an Austin-based nonprofit that supports people affected by cancer.

“Ruth has widespread connections throughout the cancer prevention community, both in Texas and across the nation,” CPRIT CEO Kristen Doyle said in a news release. “She is a long-term passionate supporter of CPRIT, and she is very familiar with our process, programs, and commitment to transparency. Ruth is a terrific addition to the team here at CPRIT.”

Rechis said that by collaborating with researchers, policymakers, public health leaders and community partners, CPRIT “can continue to drive forward proven prevention strategies that improve health outcomes, lower long-term costs, and create healthier futures for all.”

At MD Anderson, Rechis and her team worked with more than 100 organizations in Texas to bolster cancer prevention initiatives at clinics and community-based organizations.

Rechis is a longtime survivor of Hodgkin lymphoma, a type of cancer that affects the lymph nodes, which are part of a person’s immune system.