A method and apparatus for providing multi-domain control over a digital data item via a first domain security policy assigned to the digital data item at a first domain, the data item being transferred from the first domain to a second domain, the second domain being autonomous from the first domain in respect of security policies. The method comprises assigning the security policy to the digital item within the first domain; transferring the digital items to the second domain together with data defining the first domain security policy; analyzing the first domain security policy within the second domain; and distributing and/or allowing usage of the digital items within the second domain in accordance with analyzed first domain security policy, and/or reporting breaches or attempted breaches of the policy.