Security services and policy enforcement for electronic data is provided through a series of transactions among a server and clients using electronic security certificates. A first client generates a digest from the electronic data, and submits a security certificate request containing the digest to a trusted arbitrator server, where the request is time stamped and logged. The trusted arbitrator authenticates the first client's credentials and returns the security certificate to the first client. The data and security certificate are combined to create a distribution unit. A second client acquires the distribution unit, extracts the security certificate, and generates a digest from the data. If the digest from the second client matches the logged digest from the first client, the data is valid. Depending on the certificate type and policy level, the trusted arbitrator server provides other services to the clients, such as notification of improper user of the data.