Photo of Zenus Franklin

Zenus Franklin

Subscribe to Zenus Franklin's Posts

Zenus focuses on addressing a variety of business and finance matters, including data governance regulations such as GDPR, CCPA, COPPA, PCI-DSS, and state data breach notification laws. He also assists clients with internal policy development, implementation, assessment, training, and incident response management.

Follow:Read more about Zenus FranklinZenus's Linkedin Profile

As 2025 comes to a close, we asked several members of Taft’s Privacy and Data Security practice group to share their thoughts on what should be on a client’s “wish list” for the holiday season, or on a list of resolutions for 2026.

Here are their thoughts for businesses considering to not only meet the requirements of new laws and mitigate existing risks, but also looking to seize the opportunity to maximize the impact of technology to unleash the power in their data.Continue Reading Closing Out 2025: Key Privacy & Data Security Updates from Taft

On July 24, 2025, the California Privacy Protection Agency (CPPA) approved a sweeping set of amendments to the California Consumer Privacy Act (CCPA) regulations. These updates introduce new compliance obligations for businesses around automated decision making, cybersecurity audits, risk assessments, and more.

Below, we discuss some of these new requirements.Continue Reading California Finalizes Major CCPA Amendments

On July 1, 2025, the California Attorney General, Rob Bonta, announced that the California Privacy Protection Agency (CPPA) entered into a settlement with Healthline Media LLC (Healthline), which included a fine of $1,550,000, the largest fine by the CPPA to date, for various alleged violations of the California Consumer Privacy Act (CCPA). This settlement and fine follow the CCPA’s $632,500 fine against American Honda Motor Co. in March of this year. These actions continue to show California’s increased focus on CCPA enforcement.

Per the announcement, Healthline.com is a health and wellness information website that is one of the top 40 most visited websites in the world and generates revenue by showing advertisements on the website.Continue Reading California Privacy Enforcement Continues: CPPA’s Largest Fine To Date

As we reported early last year, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking to the Children’s Online Privacy Protection Act rule (COPPA). On April 22, 2025, over a year after the notice of proposed rulemaking was issued, the FTC has finalized its amendments to the COPPA rule and are set to go into effect on June 23, 2025.

To note, while the amendments will be effective on June 23, 2025, regulated entities under COPPA have until April 22, 2026 to comply.Continue Reading Children’s Online Privacy Protection Act Amendments Effective June 23, 2025

The California Privacy Protection Agency (“CPPA”) recently issued a decision requiring American Honda Motor Co. to pay a $632,500 fine and change certain business practices related to alleged violations under the California Consumer Privacy Act (“CCPA”). While not specifically related to connected vehicles, this decision comes after the CPPA’s announcement in 2023 that it would be focusing on connected vehicle manufacturers’ compliance with the CCPA.Continue Reading California Privacy Enforcement Update: Verifying Consumer Requests and Banners Must Be Symmetrical

As we previously discussed here, the Federal Communications Commission’s (FCC) new One-to-One Consent Rule, which amends the Telephone Consumer Protection Act (TCPA), was set to go into effect on January 27, 2025.

While the identified goal of the FCC was to close the “lead generator loophole,” this new rule, among other requirements, would require all businesses seeking to send any marketing text messages to obtain consent from the customer for one identified seller (business) at a time.Continue Reading UPDATE: FCC’s One-to-One Consent Rule Delayed, Then Overturned

On January 27, 2025, the Federal Communications Commission’s (FCC) new one-to-one consent requirement will go into effect. For background, the FCC published its final rule targeting and eliminating unlawful text messages under the Telephone Consumer Protection Act (TCPA) on January 26, 2024 (the Final Rule). Among other requirements and purposes, this Final Rule sought to close the “lead generator loophole.” Continue Reading FCC’s 1-to-1 Consent Requirement for Marketing Text Messages

Believe it or not, we are now more than halfway through 2024. As of July 1st, we now have additional state privacy laws in effect in Florida (narrow applicability), Oregon, and Texas – with more on the way later this year and into 2025. We thought it would be a good time to provide a recap on the current privacy law landscape in the United States today. Continue Reading Comprehensive State Privacy Laws – Halfway Through 2024 and Looking Ahead to 2025

Special thanks to Taft summer associates Tanner Wilburn and Lizzie Dobbins for their contributions to this post. 

On June 20, 2024, the U.S. District Court for the Northern District of Texas vacated a portion of guidance issued by the Department of Health and Human Services (HHS) regarding the use of online tracking technologies. This decision is beneficial to healthcare providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) which use third-party tracking tools on their public-facing websites, but such entities should be cautious to not read the case too broadly.Continue Reading Federal Court Strikes Down HHS Rule on Website Tracking Technologies… To an Extent