Protecting Stolen Encrypted Data Act of 2026
S. 4230119th Congress

Protecting Stolen Encrypted Data Act of 2026

Introduced in the SenateSen. Margaret Hassan (D-NH)23 sections · 2 min read
Version: Introduced in Senate · Mar 26, 2026

Section 1. Short title

This Act may be cited as the Protecting Stolen Encrypted Data Act of 2026.

(a) Definitions

In this section:

(1) Classified information

The term classified information has the meaning given such term in section 805 of the National Security Act of 1947 (50 U.S.C. 3164).

(2) Covered data

The term covered data means includes the following:

(A) Financial, medical, and biometric data of United States persons.

(B) Intellectual property of United States persons.

(C) Trade secrets of United States persons.

(3) United States person

The term United States person has the meaning given such term in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).

(1) Strategies to identify

The President shall, acting through the Secretary of Defense and the Director of National Intelligence, develop strategies to identify—

(A) covered data and classified information unlawfully held by foreign entities;

(B) whether such data and information were encrypted; and

(C) whether such data and information have been decrypted by such foreign entities.

(2) Strategies to address

The President shall, acting through the Secretary of Defense and the Director of National Intelligence, develop strategies regarding how to address stolen covered data and classified information.

(A) Determination of economic and national security interest

The Secretary and the Director shall jointly determine whether the destruction, manipulation, or recovery of covered data and classified information identified pursuant to the strategies developed under paragraph (1) would be in the economic and national security interest of the United States.

(B) Destruction, manipulation, or recovery

In a case in which the Secretary and the Director jointly determine under subparagraph (A) that destroying, manipulating, or recovering covered data or classified information is in the economic and national security interested of the United States, the Secretary and the Director may jointly—

(i) pursuant to strategies required by paragraph (1), identify encrypted covered data and classified information that is unlawfully held by a foreign entity that has not been decrypted by the foreign entity;

(ii) pursuant to the strategies required by paragraph (2), attempt to destroy, manipulate, or recover the data and information identified pursuant to clause (i); and

(iii) when practicable, inform the lawful owners of covered data or classified information—

(I) of the intent of the Secretary or the Director, as the case may be, to destroy, manipulate, or recover the covered data or classified information; and

(II) upon successful destruction, manipulation, or recovery of the covered data or classified information.

(1) In general

Not later than 1 year after the date of the enactment of this Act, the Secretary and the Director shall jointly submit to Congress a report on the strategies developed under paragraphs (1) and (2) of subsection (c) and the actions taken under paragraph (3) of such subsection.

(2) Recommendations

The report submitted pursuant to paragraph (1) shall include such recommendations as the Secretary and the Director may have for legislative or administrative action to carry out subsection (c).

(3) Form

The report submitted pursuant to paragraph (1) shall be submitted in unclassified form, but may include a classified annex.

to ask questions about this bill.