Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

MD Anderson makes AI partnership to advance precision oncology

AI Oncology

Few experts will disagree that data-driven medicine is one of the most certain ways forward for our health. However, actually adopting it comes at a steep curve. But what if using the technology were democratized?

This is the question that SOPHiA GENETICS has been seeking to answer since 2011 with its universal AI platform, SOPHiA DDM. The cloud-native system analyzes and interprets complex health care data across technologies and institutions, allowing hospitals and clinicians to gain clinically actionable insights faster and at scale.

The University of Texas MD Anderson Cancer Center has just announced its official collaboration with SOPHiA GENETICS to accelerate breakthroughs in precision oncology. Together, they are developing a novel sequencing oncology test, as well as creating several programs targeted at the research and development of additional technology.

That technology will allow the hospital to develop new ways to chart the growth and changes of tumors in real time, pick the best clinical trials and medications for patients and make genomic testing more reliable. Shashikant Kulkarni, deputy division head for Molecular Pathology, and Dr. J. Bryan, assistant professor, will lead the collaboration on MD Anderson’s end.

“Cancer research has evolved rapidly, and we have more health data available than ever before. Our collaboration with SOPHiA GENETICS reflects how our lab is evolving and integrating advanced analytics and AI to better interpret complex molecular information,” Dr. Donna Hansel, division head of Pathology and Laboratory Medicine at MD Anderson, said in a press release. “This collaboration will expand our ability to translate high-dimensional data into insights that can meaningfully advance research and precision oncology.”

SOPHiA GENETICS is based in Switzerland and France, and has its U.S. offices in Boston.

“This collaboration with MD Anderson amplifies our shared ambition to push the boundaries of what is possible in cancer research,” Dr. Philippe Menu, chief product officer and chief medical officer at SOPHiA GENETICS, added in the release. “With SOPHiA DDM as a unifying analytical layer, we are enabling new discoveries, accelerating breakthroughs in precision oncology and, most importantly, enabling patients around the globe to benefit from these innovations by bringing leading technologies to all geographies quickly and at scale.”

Houston company plans lunar mission to test clean energy resource

lunar power

Houston-based natural resource and lunar development company Black Moon Energy Corporation (BMEC) announced that it is planning a robotic mission to the surface of the moon within the next five years.

The company has engaged NASA’s Jet Propulsion Laboratory (JPL) and Caltech to carry out the mission’s robotic systems, scientific instrumentation, data acquisition and mission operations. Black Moon will lead mission management, resource-assessment strategy and large-scale operations planning.

The goal of the year-long expedition will be to gather data and perform operations to determine the feasibility of a lunar Helium-3 supply chain. Helium-3 is abundant on the surface of the moon, but extremely rare on Earth. BMEC believes it could be a solution to the world's accelerating energy challenges.

Helium-3 fusion releases 4 million times more energy than the combustion of fossil fuels and four times more energy than traditional nuclear fission in a “clean” manner with no primary radioactive products or environmental issues, according to BMEC. Additionally, the company estimates that there is enough lunar Helium-3 to power humanity for thousands of years.

"By combining Black Moon's expertise in resource development with JPL and Caltech's renowned scientific and engineering capabilities, we are building the knowledge base required to power a new era of clean, abundant, and affordable energy for the entire planet," David Warden, CEO of BMEC, said in a news release.

The company says that information gathered from the planned lunar mission will support potential applications in fusion power generation, national security systems, quantum computing, radiation detection, medical imaging and cryogenic technologies.

Black Moon Energy was founded in 2022 by David Warden, Leroy Chiao, Peter Jones and Dan Warden. Chiao served as a NASA astronaut for 15 years. The other founders have held positions at Rice University, Schlumberger, BP and other major energy space organizations.

Houston co. makes breakthrough in clean carbon fiber manufacturing

Future of Fiber

Houston-based Mars Materials has made a breakthrough in turning stored carbon dioxide into everyday products.

In partnership with the Textile Innovation Engine of North Carolina and North Carolina State University, Mars Materials turned its CO2-derived product into a high-quality raw material for producing carbon fiber, according to a news release. According to the company, the product works "exactly like" the traditional chemical used to create carbon fiber that is derived from oil and coal.

Testing showed the end product met the high standards required for high-performance carbon fiber. Carbon fiber finds its way into aircraft, missile components, drones, racecars, golf clubs, snowboards, bridges, X-ray equipment, prosthetics, wind turbine blades and more.

The successful test “keeps a promise we made to our investors and the industry,” Aaron Fitzgerald, co-founder and CEO of Mars Materials, said in the release. “We proved we can make carbon fiber from the air without losing any quality.”

“Just as we did with our water-soluble polymers, getting it right on the first try allows us to move faster,” Fitzgerald adds. “We can now focus on scaling up production to accelerate bringing manufacturing of this critical material back to the U.S.”

Mars Materials, founded in 2019, converts captured carbon into resources, such as carbon fiber and wastewater treatment chemicals. Investors include Untapped Capital, Prithvi Ventures, Climate Capital Collective, Overlap Holdings, BlackTech Capital, Jonathan Azoff, Nate Salpeter and Brian Andrés Helmick.

---

This article originally appeared on our sister site, EnergyCapitalHTX.com.

View All Listings