Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a rusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer. A tamper detection mechanism is provided in the computer for protecting against attempts to copy the unprotected form of the protected data onto memory devices other than the one or more memory devices used by the motherboard or computer card.