[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 4230 Introduced in Senate (IS)]

<DOC>






119th CONGRESS
  2d Session
                                S. 4230

   To require the Federal Government to identify and address stolen 
   sensitive data and classified information, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 26, 2026

 Ms. Hassan (for herself and Mrs. Blackburn) introduced the following 
  bill; which was read twice and referred to the Select Committee on 
                              Intelligence

_______________________________________________________________________

                                 A BILL


 
   To require the Federal Government to identify and address stolen 
   sensitive data and classified information, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Protecting Stolen Encrypted Data Act 
of 2026''.

SEC. 2. ADDRESSING STOLEN SENSITIVE DATA.

    (a) Definitions.--In this section:
            (1) Classified information.--The term ``classified 
        information'' has the meaning given such term in section 805 of 
        the National Security Act of 1947 (50 U.S.C. 3164).
            (2) Covered data.--The term ``covered data'' means includes 
        the following:
                    (A) Financial, medical, and biometric data of 
                United States persons.
                    (B) Intellectual property of United States persons.
                    (C) Trade secrets of United States persons.
            (3) United states person.--The term ``United States 
        person'' has the meaning given such term in section 101 of the 
        Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).
    (b) Addressing Stolen Sensitive Data.--
            (1) Strategies to identify.--The President shall, acting 
        through the Secretary of Defense and the Director of National 
        Intelligence, develop strategies to identify--
                    (A) covered data and classified information 
                unlawfully held by foreign entities;
                    (B) whether such data and information were 
                encrypted; and
                    (C) whether such data and information have been 
                decrypted by such foreign entities.
            (2) Strategies to address.--The President shall, acting 
        through the Secretary of Defense and the Director of National 
        Intelligence, develop strategies regarding how to address 
        stolen covered data and classified information.
            (3) Destruction, manipulation, or recovery.--
                    (A) Determination of economic and national security 
                interest.--The Secretary and the Director shall jointly 
                determine whether the destruction, manipulation, or 
                recovery of covered data and classified information 
                identified pursuant to the strategies developed under 
                paragraph (1) would be in the economic and national 
                security interest of the United States.
                    (B) Destruction, manipulation, or recovery.--In a 
                case in which the Secretary and the Director jointly 
                determine under subparagraph (A) that destroying, 
                manipulating, or recovering covered data or classified 
                information is in the economic and national security 
                interested of the United States, the Secretary and the 
                Director may jointly--
                            (i) pursuant to strategies required by 
                        paragraph (1), identify encrypted covered data 
                        and classified information that is unlawfully 
                        held by a foreign entity that has not been 
                        decrypted by the foreign entity;
                            (ii) pursuant to the strategies required by 
                        paragraph (2), attempt to destroy, manipulate, 
                        or recover the data and information identified 
                        pursuant to clause (i); and
                            (iii) when practicable, inform the lawful 
                        owners of covered data or classified 
                        information--
                                    (I) of the intent of the Secretary 
                                or the Director, as the case may be, to 
                                destroy, manipulate, or recover the 
                                covered data or classified information; 
                                and
                                    (II) upon successful destruction, 
                                manipulation, or recovery of the 
                                covered data or classified information.
    (c) Report.--
            (1) In general.--Not later than 1 year after the date of 
        the enactment of this Act, the Secretary and the Director shall 
        jointly submit to Congress a report on the strategies developed 
        under paragraphs (1) and (2) of subsection (c) and the actions 
        taken under paragraph (3) of such subsection.
            (2) Recommendations.--The report submitted pursuant to 
        paragraph (1) shall include such recommendations as the 
        Secretary and the Director may have for legislative or 
        administrative action to carry out subsection (c).
            (3) Form.--The report submitted pursuant to paragraph (1) 
        shall be submitted in unclassified form, but may include a 
        classified annex.
                                 <all>