Houston founders: How safe is your company's data?

guest column

Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can get overwhelming for most of us to keep up or to understand the new intricacies of technology, and it can get easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect its data with the same muster as its financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check if the law requires you to have a duty to protect the compromised information, as many do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to make sure that however the Data Processing Addendum says the vendor is processing data is how they are actually processing data. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to regularly be tested.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? Firewalls, Intrusion Protection Systems, and End-Point Detection and Response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is partner at Frost Brown Todd. Lauren Cole is associate at Frost Brown Todd.

From Your Site Articles
Ad Placement 300x100
Ad Placement 300x600

CultureMap Emails are Awesome

Property Showcase

Houston startup secures $22.5M to innovate cell therapy to fight cancer

fresh funding

A promising cell therapy company has raised its latest funding round — to the tune of $22.5 million.

Indapta Therapeutics, which has a dual headquarters in Houston and Seattle, is a clinical stage biotechnology and next-generation cell therapy company focused on the treatment of cancer and autoimmune diseases. The company announced it has closed a $22.5 million round of new financing to accelerate the clinical development of its differentiated allogeneic Natural Killer cell therapy.

"This funding will enable us to generate significant additional data in our ongoing trial of IDP-023 in cancer as well as initial data from our first trial in autoimmune disease," Mark Frohlich, Indapta’s CEO, says in a news release.

Indapta has completed enrollment in the safety run-in portion of the Phase 1 clinical trial of IDP-023 in Non-Hodgkin’s Lymphoma and Multiple Myeloma, according to the company. The patients received up to three doses of IDP-023 without and with interleukin (IL)-2.

Completing the round were current investors RA Capital Management, Bayer's impact investment arm Leaps, Vertex Ventures HC, Pontifax, and the Myeloma Investment Fund, the venture philanthropy subsidiary of the Multiple Myeloma Research Foundation. Earlier in December, Indapta announced a collaboration with Sanofi to explore the combination of its allogeneic g-NK cell therapy IDP-023 with Sanofi’s CD38 that targets the monoclonal antibody, Sarclisa (isatuximab).

"Preliminary results of IDP-023 in cancer are encouraging and we look forward to initiating our Phase 1 trial for multiple sclerosis in Q1 2025,” Frohlich continues. “This financing, together with our recently announced collaboration with Sanofi, highlights the promise of our differentiated platform.”

Also in August, Indapta announced a FDA clearance of its IND of IDP-023 in combination with ocrelizumab in progressive MS.


Mark Frohlich is the CEO of the Houston- and Seattle-based company. Photo courtesy of Indapta Therapeutics

Houston startup's revolutionary automotive recycling tech to begin commercial operations

houston innovators podcast episode 267

Vibhu Sharma observed a huge sustainability problem within the automotive industry, and he was tired of no one doing anything about it.

"Globally, humans dispose 1 billion tires every year," Sharma says on the Houston Innovators Podcast. "It's a massive environmental and public health problem because these tires can take hundreds of years to break down, and what they start doing is leaking chemicals into the soil."

Today, 98 percent of all tires end up in landfills, Sharma says, and this waste contributes to a multitude of problems — from mosquito and pest infestation to chemical leaks and fire hazards. That's why he founded InnoVent Renewables, a Houston-based company that uses its proprietary continuous pyrolysis technology to convert waste tires into valuable fuels, steel, and chemicals.

While the process of pyrolysis — decomposing materials using high heat — isn't new, InnoVent's process has a potential to be uniquely impactful. As Sharma explains on the show, he's targeting areas with an existing supply of waste tires. The company's first plant — located in Monterrey, Mexico — is expected to go online early in the new year, an impressive accomplishment considering Sharma started his company just over a year ago and bootstrapped the business with only a friends and family round of funding.

"It's about 16 months or so from start to commercial operations, which is phenomenal when you consider what it takes to build and operate a chemical or petrochemical facility," Sharma says.

Currently, with the facility close to operations, Sharma is looking to secure customers for the plant's products — which includes diesel, steel, and carbon black — and he doesn't have to look too far out of the automotive industry for his potential customer base. Additionally, the plant should be net zero by day one, since Sharma says he will be using the output to fuel operations.

While the first facility is in Mexico, Sharma says they are already looking at potential secondary locations with Texas at the top of his list. Houston, where Sharma has worked for 26 years, has been a strategic headquarters for InnoVent.

"When it came to doing the research and development, we were able to work with experts in the Houston and Texas areas to test out our idea and validate it," Sharma says. "One thing that gets under appreciated about Houston is how well it's connected to the rest of the world. There are so many direct connections between Houston and Latin America, as well as Europe, Middle East, and Asia."

"I also find that the Houston ecosystem is very supportive of new companies and helping them grow," he adds.

Houston expert on what AI is changing in the workplace — and why employers need to recognize the 'human edge'

guest column

When OpenAI's GPT-4 made headlines by passing the bar exam and scoring in the top 10 percent on medical licensing tests, I noticed something fascinating: everyone focused on AI replacing professionals, but they missed the deeper story. AI isn't just disrupting work – it's exposing fundamental flaws in how we've built our entire workplace ecosystem. It's holding up a mirror to our organizations, revealing just how far we've strayed from what makes us uniquely human.

The World Economic Forum tells us 44 percent of workers' skills will need updating by 2027, but that statistic only scratches the surface. In my conversations with business leaders, I'm watching a transformation unfold in real-time. Take the accounting industry, where I've observed forward-thinking firms like Deloitte and PwC turning their accountants into strategic business advisors while other firms continue training junior staff for tasks that AI will soon handle. This isn't just a skills mismatch – it's a fundamental misunderstanding of human potential.

The challenge runs deeper than individual industries. McKinsey predicts 30 percent of hours worked globally could be automated by 2030, but I believe they're missing a crucial point. We've spent decades designing jobs around industrial-era ideals of efficiency and standardization – the very qualities that make them perfect targets for AI automation. In our obsession with measuring, standardizing, and streamlining everything, we've created workplaces that treat humans like machines rather than the complex, creative beings we are.

What's emerging is a striking paradox: as work becomes more automated, our workplace cultures are growing more disconnected. Microsoft researchers identified a "collaboration deficit" in remote work environments, with 56 percent of employees reporting a decline in workplace friendships. This cultural shift is occurring precisely when we need human connection most. During the Great Resignation of 2021, 47 million Americans quit their jobs, they weren't leaving because of salary considerations or technological inadequacies. The most common reasons cited were lack of human connection, purpose, and authentic leadership.

Yet instead of heeding this wake-up call, the rise of AI is pushing us further apart. A decade ago, the concept of "workplace family" was commonplace – now it's often dismissed as manipulative corporate rhetoric. This shift reveals a troubling blindspot in our thinking about work. Consider this: we spend more than 90,000 hours at work over our lifetime – more time than we spend with our own families – yet we're increasingly treating these relationships as purely transactional. In our rush to establish boundaries and protect ourselves from corporate exploitation, we've overcorrected, creating sterile workplaces stripped of human connection.

This timing couldn't be worse. As someone who studies the intersection of technology and workplace culture, I've observed a clear pattern: the more we automate routine tasks, the more our success depends on distinctly human qualities like trust, emotional sensitivity, and the ability to navigate complex interpersonal dynamics. Yet we're systematically dismantling the very cultural foundations that enable these qualities to flourish. It's as if we're entering a boxing match by tying one hand behind our back – at precisely the moment we need every advantage we can get.

The real crisis isn't that AI might replace jobs – it's that we're creating workplace environments that suppress the very qualities that make us irreplaceable. When we treat our colleagues as mere interfaces rather than complex human beings, we don't just damage relationships – we damage our capacity for innovation, creativity, and the kind of deep collaboration that complex problem-solving requires.

Some companies are starting to get it right. When I look at examples like IKEA, who chose to retrain their call center workers as interior design advisors rather than simply replacing them with chatbots, I see a glimpse of what's possible. They recognized something profound: you can't automate the human ability to understand what a frustrated customer really needs, or the intuition to read between the lines of what they're saying.

This is what I call the "human edge" – and it's far more nuanced than most leadership teams realize. It's the marketing manager who can sense team tension during a video call and address it before it derails a project. It's the sales representative who builds such strong relationships that clients stay loyal through market upheavals. It's the team leader who knows exactly when to push for more and when to show compassion. These aren't just nice-to-have soft skills – they're becoming our most valuable business assets.

But here's the challenge: we're still trying to measure workplace success like it's 1990. We track productivity metrics, sales numbers, and project timelines, but how do we quantify someone's ability to defuse a tense client situation? How do we measure the value of a team leader who creates an environment where people feel safe to innovate? These human capabilities – empathy, emotional intelligence, relationship building, creative problem-solving – are increasingly what separate successful companies from failing ones, yet they're nearly impossible to capture in a performance review.

When I talk to business leaders, I tell them bluntly: if a job can be reduced to a process, AI will eventually do it better. Our value lies in all the messy, human things that happen between the bullet points of a job description. Instead of asking "How many tasks did you complete?" we should be asking "How did you help your team navigate that difficult change?" Instead of training people to follow processes, we should be developing their ability to build relationships and navigate complexity.

It's time we started treating these human capabilities not as soft skills, but as core business competencies. The question isn't whether AI will change work – it's whether we'll use this moment to finally build workplaces that enhance rather than diminish our humanity.

———

Nada Ahmed is the founding partner at Houston-based Energy Tech Nexus and author of Amazon Bestseller “Determined to Lead- The Disruptive Woman's Guide to Stop Playing Small and Transform your Career through Agile Leadership.”

View All Listings