House Republicans roll out national privacy bill

House Republicans unveiled on Wednesday Congress’ latest effort to tackle comprehensive digital privacy legislation for Americans.

The Secure Data Act would allow consumers to opt out of data collection for individual businesses for the purposes of targeted advertising, selling to third parties or for use in automated decisionmaking.

It would also require companies to inform consumers when their personal data is being collected or used, provide them with a portable version of that data, and give consent rights to parents over the data collection of teenagers.

“This bill establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping,” said Brett Guthrie, R-Ky., Chair of the House Energy and Commerce Committee and Rep. John Joyce, R-Pa., who led a working group charged with developing the draft legislation, in a statement.

The draft bill also imposes new requirements on businesses and other organizations to limit their collection of personal consumer data to what is “adequate, relevant and reasonably necessary” and only for purposes that are disclosed to consumers in advance. They must also adopt new safeguards for customers’ personal data and disclose any third parties they share it or sell it to, including adversarial foreign governments like Russia and China.

The Federal Trade Commission would be given greater oversight of data brokers that buy, collect, repackage and sell personal data to the highest bidder. The draft bill requires data brokers to register with the FTC, comply with data minimization, disclosure and data security mandates, and creates a new national data broker registry.

Cobun Zwiefel-Keegan, managing director at the International Association of Privacy Professionals, told CyberScoop that based on the released draft and conversations on the Hill, the bill most resembles privacy laws passed by Virginia or Kentucky (the home state of Guthrie) in recent years, with an emphasis on providing notice and opt-out rights to individual consumers and often tying business compliance to “reasonable” standards of evidence that they acted to protect consumer data.  

At the same time, Zwiefel-Keegan said it could potentially further empower the Federal Trade Commission and state Attorneys General to investigate and sanction bad actors.

The bill is the product of more than 16 months of internal discussion and consensus-building within the GOP majority. While drafting it, a working group led by Rep. John Joyce (R-Pa.) and other House Republicans solicited feedback from 170 organizations and received more than 250 responses from the public to a Request for Information released last year.

While they have worked to achieve consensus within their own caucus, House Republicans did not involve Democratic members in the working group or drafting process, something observers said could make it difficult to attract bipartisan support.

Zwiefel-Keegan said the Republican drafters of the bill “would challenge Democrats to explain why they can’t support the type of bill that has been passed in blue states.”

But he also noted that there are “plenty of ways that people will point to how it’s weaker than a lot of blue state privacy laws,” including federal preemption of more robust state privacy laws like those in California, the lack of a private right of action allowing individuals to sue companies directly and a mandatory 45-day “curing” period that allows companies in violation of the law to come into compliance and avoid formal sanctions.  

“I think the privacy working group and the leadership of the committee thinks there’s a pretty strong chance of passing it out of committee.” After that the bill’s chances are likely dependent on other factors, like getting some Democrats on board and working with “red state representatives who may not like their own laws being preempted.”

Shortly after the draft bill was released, Rep. Frank Pallone, D-N.J., ranking member on the House Energy and Commerce Committee, said he was opposed and accused House Republicans of having “lost the plot” on passing national privacy legislation.

“This Republican privacy bill protects corporations and their bottom line, not people’s privacy,” Pallone said in a statement. “We should be protecting the little guy with a bill that empowers consumers, not one that preempts consumer protections at the behest of Big Tech.”

Eric Null, director of the privacy and data project at the Center for Democracy and Technology, indicated that the Secure Data Act falls short, calling it full of “easily exploitable loopholes” that let companies “hide behind cookie banners and lengthy terms of service rather than establishing meaningful privacy protections.”

Null was also critical of the bill’s lack of substance around AI, saying that Large Language Models pose significant privacy challenges today that will only worsen over time.

“Any federal privacy law discussed in 2026 should be future-proofed by protecting against growing AI-related privacy harms, namely by limiting data collection for AI training and preventing use of the technology to discriminate against protected classes, but this bill does neither sufficiently,” he said.

The American Civil Liberties Union also came out against the bill, with senior staff attorney Cody Venzke saying the GOP-led bill “places the onus on regular people” to sift through complex privacy policies created by businesses to request opt out or deletion of their data.

“And it leaves us without real recourse – even blocking us from going to court – if our requests go unanswered,” said Venzke in a statement.

In their joint statement, Guthrie and Joyce said they “look forward to working with our colleagues to build support for this bill and advance data privacy protections fit for our 21st century economy.”

The post House Republicans roll out national privacy bill appeared first on CyberScoop.

Congress looks to revive critical cyber program for rural electric utilities

The House Energy and Commerce committee unanimously passed a package of bipartisan cybersecurity bills Thursday targeting the energy sector, including legislation that would reauthorize and fund a critical federal cybersecurity assistance program for rural electric utilities across the country.

The Rural and Municipal Utility Cybersecurity Act, introduced by Reps. Mariannette Miller-Meeks, R-Iowa, and Jennifer McClellan, D-Va., reauthorizes the Rural and Municipal Utility Advanced Cybersecurity program at the Department of Energy, which funnels hundreds of millions of dollars in federal grants and technical assistance every year to help rural utilities and cooperatives defend against cyberattacks and other threats.

The program was created through the 2022 Infrastructure Investment and Jobs Act and is widely viewed in the energy sector as a cybersecurity lifeline for badly underfunded electric utilities that would otherwise be a weak link in the nation’s energy cybersecurity or reliability.

Smaller utilities play a crucial role supporting the nation’s energy grids, but many lack sophisticated IT or cybersecurity operations. Industry officials say it’s not uncommon for some entities to have one or two IT or cybersecurity officials, if that. The bill approves $250 million in additional grant funding for the program over the next five years, part of which would go to implementing more modern cybersecurity technologies and enhancing information sharing.  

Speaking ahead of the vote, Miller-Meeks said her Iowa district’s electric cooperative must serve rate payers across 20 different counties and faces “the same threats as metropolitan systems but with fewer resources.”

“At a time when cybersecurity attacks on our critical infrastructure are escalating and we have not yet authorized an appropriations bill for DHS, small and rural utilities need resources to defend against nation state actors and sophisticated threats,” she said.

Ranking member Frank Pallone, D-N.J., leveled his own criticism, claiming that the reauthorization was “held up for countless months due to senseless delays” by Energy officials.

Another bill, the Energy Emergency Leadership Act, would move responsibility for the cybersecurity functions of the Office of Cybersecurity, Energy Security and Emergency Response under a single, Senate-confirmed assistant secretary.

The bill’s chief sponsor, Rep. Laurel Lee, R-Fla., directly cited reports of ongoing threats to the nation’s energy sector from Chinese state-sponsored hackers as a driver of the legislation.

“At the same time our electric grid faces an increasingly complex threat landscape, state sponsored threats like Volt Typhoon have actively targeted U.S. critical infrastructure, including our electric grid,” said Lee. “These are real and ongoing threats from foreign adversaries seeking to undermine our national security and economic stability.”

The committee also passed bills that require states to include cybersecurity in their energy plans, clarify the Secretary of Energy’s role promoting and coordinating cybersecurity of the nation’s oil and natural gas pipelines, and codify a pilot Energy Threat Analysis Center.

The post Congress looks to revive critical cyber program for rural electric utilities appeared first on CyberScoop.

CESER chief touts AI projects as congressional Dems point to federal cuts

A Trump administration official endorsed a slate of congressional bills Tuesday targeting cybersecurity in the energy sector while touting the office’s new emphasis on AI-driven cyber defenses. Meanwhile, Democratic members repeatedly pressed him over the cybersecurity and reliability impacts from thousands of job cuts that have taken place at the Department of Energy over the past year.

At a House Energy and Commerce Committee hearing, Alex Fitzsimmons, acting director at the Department of Energy’s Office of Cybersecurity, Energy and Emergency Response (CESER), signaled the administration’s support for a package of bills that would address cybersecurity in the energy sector.

Those bills include the reauthorization of a critical department grant program that funds cybersecurity upgrades for rural utilities, the codification of public-private information sharing partnerships, and a bill that would require states to include resilience and physical and cybersecurity issues in their energy security plans.

Fitzsimmons, who also serves as acting under secretary of energy, said CESER was working to overhaul its strategic focus and implement artificial intelligence tools, including a new program called AI-For Operationally Resilient Technologies and Systems, or AI-FORTS.

“That is prioritizing AI for cyber defense, because as threat actors invest in AI-enabled offensive cyber weapons, we need to be doing everything that we can to use AI and the technological advances of AI” to protect the country’s infrastructure, said Fitzsimmons.

CESER’s budget request for FY 2026 describes AI-FORTS as an “overarching program” that will use AI “to develop defensive cyber tools, implement active defense measures to disrupt, deter, and recover from cyber attacks, and characterize and counter AI-enabled offensive cyber capabilities from threat actors.”

In support of these goals, the budget request states that the Risk Management Tools and Technology Division “will shift from more traditional cybersecurity R&D to focused research on AI dominance and an ability to operate through compromise.” The document also states that CESER will prioritize its technical resources on energy infrastructure that supports military installations and operations.

Democrats on the committee, meanwhile, repeatedly pressed Fitzsimmons on how CESER and the Department of Energy would implement the bills it endorsed in the wake of thousands of firings and federal departures over the past year.

When Rep. Bob Latta, R-Ohio, who chaired the hearing, asked if CESER had the staff and resources needed to execute any new authorities or duties in the legislation being considered by the committee, Fitzsimmons said “I do, yes.”

When pressed by Rep. Rob Menendez, D-N.J., on whether it was accurate that the Trump administration had fired or removed more than 3,500 Department of Energy staffers since taking office, Fitzsimmons said “sure, that’s a fair number.”

Democrats also decried hundreds of canceled or delayed grants from CESER and the Department of Energy over the past year, accusing the administration of halting the flow of billions of dollars in federal support to electrical utilities that could have been dedicated to cybersecurity.

“I’m hopeful that these cybersecurity bills will be helpful but to be honest…they’re really just a drop in the bucket when you look at the energy reliability problems the Republicans are causing for the American people,” said Rep. Frank Pallone, D-N.J.

Volt Typhoon gets scant attention

Volt Typhoon, the Chinese-linked hacking group U.S. national security officials say has burrowed into critical infrastructure, is often cited as an unprecedented threat — but it drew only scant mention from committee members.

At one point Rep. Jodie Miller-Meeks, R-Iowa, referenced the group when asking about supply chain concerns for battery management systems and other energy industries.

Fitzsimmons said “there clearly is a single point of failure in many supply chains we’re facing,” specifically citing the renewable battery, solar power and critical minerals industries.

“We are actively working to build out the supply chains for those technologies here in the United States, while simultaneously recognizing that a lot of these systems are in the field today and so we should be doing continuous testing of these systems to understand what the cyber vulnerabilities are to equip the private sector…with tools to mitigate threats,” he added.

U.S. national security officials have said Volt Typhoon’s mission is to disrupt U.S. critical infrastructure and deter American involvement if China invades Taiwan. Rep. Julie Fedorchak, R-N.D., asked how CESER was preparing U.S. companies for “a scenario where we have a cyber attack and it escalates alongside geopolitical conflicts.”

Fitzsimmons suggested the administration is currently gaming out that scenario with federal agencies and industry, conducting exercises to see “what happens if you have a severe weather event…and you have constrained pipeline capacity, and you have an opportunistic cyber attack from a nation state threat actor.”

“How do you deal with that cascading challenge all at once,” said Fitzsimmons.

The post CESER chief touts AI projects as congressional Dems point to federal cuts appeared first on CyberScoop.
