Stay informed and regularly check your security procedures to protect yourself, your business, and your customers. Photo via Getty Images

As news comes out every week about new technologies, from new crypto wallets to generative AI to self-driving taxis, it can be overwhelming for most of us to keep up or to understand the new intricacies of technology, and it becomes easy to say, “The IT department has it covered.” Well, do they have it covered?

Far too often, companies fail to protect their data with the same rigor as their financial security until it is too late. Just as a healthy business will regularly conduct audits of its accounting processes to detect potential fraud, ensure regulatory compliance, and locate areas of improvement for the organization, the same should be done for a business’s data security practices. Key components of any organization are its people and its information, and the IT department is in charge of protecting that information.

We as business people need to ensure that the company’s technology personnel are indeed securing one of the company’s most valuable assets: information.

Big picture: Your business needs to follow an audit process

  1. Confirm the scope of your data
  2. Conduct an internal review of all security practices
  3. Conduct a review of all vendor practices that have access to your data
  4. Confirm compliance with regulations and contractual obligations
  5. Prepare a report with detailed findings and recommendations to improve on year-over-year

Data: What do you have and what duties does it require?

Personal information, particularly when it belongs to customers, is the most frequently compromised type of data. Under laws like the newly passed Texas Data Privacy and Security Act (TDPSA), businesses can have additional obligations to keep this information protected. Personal information can include any information “that is linked or reasonably linkable to an identified or identifiable individual.”

Sensitive data also requires extra precaution, which means protecting (1) personal data that reveals racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; (2) genetic or biometric data that is processed for the purpose of uniquely identifying an individual; (3) personal data collected from a known child; or (4) precise geolocation data.

Other types of data to watch out for include the business’s intellectual property, anonymized customer data, employee personal information, and any other type of proprietary business data. Depending on the industry, the cost of a breach of any of these types of data could be incredibly high, particularly for healthcare and finance.

Ultimately, Texas businesses are required to maintain reasonable procedures to protect personal information, and there may be other laws implicated such as HIPAA, GLBA, CCPA/CPRA, BIPA, GDPR, PIPEDA, and many more, depending on where business is done, the industry implicated, and, in some cases, where customers are located.

"But I think the vendor is responsible."

Check your contracts, and check whether the law imposes a duty on you to protect the compromised information, as many laws do. Involve your IT department in the review of technical compliance whenever you are sharing data with a third party. Further, it is important to confirm that the vendor actually processes data the way the Data Processing Addendum says it does. To that point, if you are processing someone else’s data, your business also needs to be doing what it says it is doing, in contracts with third parties and in your Privacy Policy.

Software as a service arrangements, end user license agreements, and other internet and software-based services may require you to hand over data and not give you the opportunity to customize and shift risk. This is why it is important to thoroughly evaluate what technical protections are in place because the risk and duty may still fall on your business regarding the data of your customers and employees. Ask yourself (or your IT professionals) if the vendor actually needs the data they receive to provide services to you.

Key takeaway: Stay informed

Your business needs checks and balances in place with the IT department to ensure you know what they are (or are not) doing and what they are supposed to do. You need policies and procedures, and they need to be tested regularly.

Do you know where your data is stored, both internally and with third parties? Who controls it? How is it being processed, and is anything being shared? Are encryption procedures in place? What about firewalls, intrusion prevention systems, and endpoint detection and response? Do you and your vendors have Incident Response Plans? Stay informed and regularly check your security procedures to protect yourself, your business, and your customers.

------

Courtney Gahm-Oldham is a partner at Frost Brown Todd. Lauren Cole is an associate at Frost Brown Todd.


Houston femtech co. debuts new lactation and wellness pods

mom pod

Houston-based femtech company Work&, previously known as Work&Mother, has introduced new products in recent months aimed at supporting working mothers and the overall health of all employees.

The company's new Lactation Pod and Hybrid Pod serve as dual-use lactation and wellness spaces to meet employer demand, the company shared in a news release. The compact pods offer flexible design options that can serve permanent offices and nearly all commercial spaces.

They feature a fully compliant lactation station while also offering wellness functionalities that can support meditation, mental health, telehealth and prayer. In line with Work&'s other spaces, the pods utilize the Work& scheduling platform, which prioritizes lactation bookings to help employers comply with the PUMP Act.

“This isn’t about perks,” Jules Lairson, Work& co-founder and COO, said in the release. “It’s about meeting people where they are—with dignity and intentional design. That includes the mother returning to work, the employee managing anxiety, and everyone in between.”

According to the company, several Fortune 500 companies are already using the pods, and Work& has plans to grow the products' reach.

Earlier this year, Work& introduced its first employee wellness space at MetroNational’s Memorial City Plazas, representing Work&'s shift to offer an array of holistic health and wellness solutions for landlords and tenants.

The company, founded in 2017 by Lairson and CEO Abbey Donnell, was initially focused on outfitting commercial buildings with lactation accommodations for working parents. While Work& still offers these services through its Work&Mother branch, the addition of its Work&Wellbeing arm allowed the company to also address the broader wellness needs of all employees.

The company rebranded as Work& earlier this year.

Rice biotech studio secures investment from Modi Ventures, adds founder to board

fresh funding

RBL LLC, which supports commercialization for ventures formed at the Rice University Biotech Launch Pad, has secured an investment from Houston-based Modi Ventures.

Additionally, RBL announced that it has named Sahir Ali, founder and general partner of Modi Ventures, to its board of directors.

Modi Ventures invests in biotech companies that are working to advance diagnostics, engineered therapeutics and AI-driven drug discovery. The firm has $134 million under management after closing an oversubscribed round this summer.

RBL launched in 2024 and is based out of Houston’s Texas Medical Center Helix Park. William McKeon, president and CEO of the TMC, previously called the launch of RBL a “critical step forward” for Houston’s life sciences ecosystem.

“RBL is dedicated to building companies focused on pioneering and intelligent bioelectronic therapeutics,” Ali said in a LinkedIn post. “This partnership strengthens the Houston biotech ecosystem and accelerates the transition of groundbreaking lab discoveries into impactful therapies.”

Ali will join board members like managing partner Paul Wotton, Rice bioengineering professor Omid Veiseh, scientist and partner at KdT Ventures Rima Chakrabarti, Rice alum John Jaggers, CEO of Arbor Biotechnologies Devyn Smith, and veteran executive in the life sciences sector James Watson.

Ali has led transformative work and built companies across AI, cloud computing and precision medicine. Ali also serves on the board of directors of the Drug Information Association, which helps to collaborate in drug, device and diagnostics developments.

“This investment by Modi Ventures will be instrumental to RBL’s growth as it reinforces confidence in our venture creation model and accelerates our ability to develop successful biotech startups,” Wotton said in the announcement. “Sahir’s addition to the board will also amplify this collaboration with Modi. His strategic counsel and deep understanding of field-defining technologies will be invaluable as we continue to grow and deliver on our mission.”