Abstract: Data security methods are described. In response to determining that a part of a data item is encrypted, a request for a decryption key associated with the part of the data item is sent from a first client device to a remote computing device. The first client device, or a second client device associated with the first client device, receives the decryption key associated with the marker, obtains the encrypted data and decrypts the encrypted data using the decryption key. The decrypted data is only temporarily output, for a period of an output session, in a position of the encrypted part of the data item and the decryption key and decrypted data may be discarded after the output session. The encrypted data may be contained within the data item or may be requested from a remote computing device based on a marker within the data item.