
As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect their data with the same rigor as their financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check whether the law imposes a duty on you to protect the compromised information, as many laws do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that the vendor is actually processing data the way the Data Processing Addendum says it is. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software-as-a-service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data without giving you the opportunity to customize terms and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place: the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is a partner at Frost Brown Todd. Lauren Cole is an associate at Frost Brown Todd.


Houston medtech firm secures $30M for neurosurgical robot

stroke surgery

Robotic neurosurgery is an exciting new frontier in medicine, and Houston-based medtech firm XCath is leading the charge with its revolutionary Iris robotic system. The company announced in March that it had secured $30 million in Series C funding to continue developing systems to tackle blood clots in the human brain.

“We are grateful to our investors for their conviction in our shared mission to improve clinical outcomes for patients impacted by endovascular diseases,” Eduardo Fonseca, CEO of XCath, said in a news release. “In 2025, the XCath team advanced the frontiers of endovascular robotics. This funding accelerates our commitment to expanding access to life-saving care so that where a patient lives no longer determines whether they live.”

XCath–which also has campuses in Pangyo, South Korea–has already achieved a number of remarkable firsts in robotic neurosurgery. The Iris is the only endovascular robotic system currently in development to perform intracranial navigation or neurointerventional treatment, and is the only robot in the world to have performed an intracranial neurovascular procedure involving the robotic manipulation of three devices.

These new Series C funds, which bring the company's total investment to $92 million, will go toward developing a clinical telerobot capable of performing a mechanical thrombectomy. This would bring unprecedented accuracy and precision to the surgical removal of brain clots, significantly reducing the risk of neurosurgery.

“Robotic surgery succeeds when innovation is paired with practical execution,” Dr. Fred Moll, chairman of the XCath board of directors, said in the release. “XCath has built a promising technology foundation, and just as importantly, a team that values rigor and appreciates perspective. I’m excited to support them as they take on the mission of globalizing access to gold-standard care for stroke patients.”

In November 2025, the Iris debuted under the control of Dr. Vitor Mendes Pereira at The Panama Clinic in Panama City, alongside local Principal Investigator Dr. Anastasio Ameijeiras Sibauste. It was only the second time in human history that a robot had been used for intracranial neurovascular intervention, and it established Iris as a viable technology in the fight against stroke.

“Treatment of stroke and other neurovascular diseases represents one of the most significant financial opportunities in healthcare, supported by positive reimbursement dynamics and strong demand from health systems,” Nicholas Drysdale, CFO of XCath, added in the release. “With our continued investor support and disciplined capital deployment, XCath is positioned to build a category-leading platform in endovascular robotics.”

Houston geothermal unicorn Fervo officially files for IPO

going public

Fervo Energy has officially filed for IPO.

The Houston-based geothermal unicorn filed a registration statement on Form S-1 with the U.S. Securities and Exchange Commission on April 17 to list its Class A common stock on the Nasdaq exchange. Fervo intends to be listed under the ticker symbol "FRVO."

The number and price of the shares have not yet been determined, according to a news release from Fervo. J.P. Morgan, BofA Securities, RBC Capital Markets and Barclays are leading the offering.

The highly anticipated filing comes as Fervo readies its flagship Cape Station geothermal project to deliver its first power later this year.

"Today, miles-long lines for gasoline have been replaced by lines for electricity. Tech companies compete for megawatts to claim AI market share. Manufacturers jockey for power to strengthen American industry. Utilities demand clean, firm electricity to stabilize the grid," Fervo CEO Tim Latimer shared in the filing. "Fervo is prepared to serve all of these customers. Not with complex, idiosyncratic projects but with a simplified, standardized product capable of delivering around-the-clock, carbon-free power using proven oil and gas technology."

Fervo has been preparing to file for IPO for months. Axios Pro first reported that the company "quietly" filed for an IPO in January and estimated it would be valued between $2 billion and $3 billion.

Fervo also closed $421 million in non-recourse debt financing for the first phase of Cape Station last month and raised a $462 million Series E in December. The company also announced the addition of four heavyweights to its board of directors last week, including Meg Whitman, former CEO of eBay, Hewlett-Packard, and Spring-based HPE.

Fervo reported a net loss of $70.5 million for the 2025 fiscal year in the S-1 filing and a loss of $41.1 million in 2024.

Tracxn.com estimates that Fervo has raised $1.12 billion over 12 funding rounds. The company was founded in 2017 by Latimer and CTO Jack Norbeck.

---

This article originally appeared on our sister site, EnergyCapitalHTX.com.

New UT Austin med center, anchored by MD Anderson, gets $1 billion gift

Future of Health

A donation announced Tuesday, April 21, breaks a major record at the University of Texas at Austin. Michael and Susan Dell are now UT Austin's first supporters to give $1 billion. In response, the university will create the UT Dell Campus for Advanced Research and the UT Dell Medical Center to "advance human health," per a press release.

The release also records "significant support" for undergraduate scholarships, student housing, and the Texas Advanced Computing Center for supercomputing research.

Both the new research campus and the UT Dell Medical Center will integrate advanced computing into their research and practices. At the medical center, the university hopes that will lead to "earlier detection, more precise and personalized care, and better health outcomes." The University of Texas MD Anderson Cancer Center will also be integrated into the new medical center.

That comes with a numeric goal measured in 10s: raise $10 billion and rank among the top 10 medical centers in the U.S., both in the next decade.

In the shorter term, the university will break ground on the medical center with architecture firm Skidmore, Owings & Merrill (SOM) "later this year."

“UT Austin, where Dell Technologies was founded from a dorm room, has always been a place where bold ideas become real-world impact,” said Michael and Susan Dell in a joint statement.

They continued, “What makes this moment so meaningful is the opportunity to build something that brings every part of the journey together — from how students learn, to how discoveries are made, to how care reaches families. By bringing together medicine, science and computing in one campus designed for the AI era, UT can create more opportunity, deliver better outcomes, and build a stronger future for communities across Texas and beyond.”

This is the second major gift this year for the planned multibillion-dollar medical center. In January, Tench Coxe, a former venture capitalist who’s a major shareholder in chipmaking giant Nvidia, and Simone Coxe, co-founder and former CEO of the Blanc & Otus PR firm, contributed $100 million.