Storage modules, such as removable memory cards and USB devices, are often connected to a host so that an application on the host can store data in the storage module. A user can then remove the storage module from that host and connect it to another host, so an application on that other host can read the data. To prevent the data from being accessed by an unauthorized entity, the host can encrypt the data before the data is sent to the storage module for storage. That way, if an unauthorized entity somehow gains access to the data, the unauthorized entity will not be able to read the data since it is encrypted. Instead of the host encrypting the data, the storage module can encrypt the data. Also, the storage module can store encrypted or unencrypted data in a secure (private) memory area that can only be accessed by an entity that authenticates to the storage module.