want to use encryption (because of the headaches of managing keys, etc), here
is an approach that may work for you. Place the protected data fields onto a
new, response-to-document form and add a reader names field to that form. (You
can set the reader names value to a single role, or base it on a formula,
etc). Then, on the main form, provide a button which displays the protected
data fields by grabbing the response document and collecting the field values.
You could also create a computed-for-display field on the main document which
tries to get the protected fields from the response document - if it fails,
display a message such as "you do not have access rights to view this data
element." The nice part is, Reader fields in Notes are "truly" secure - this
is not like hiding a field or using different forms for the same document.