There's a fundamental that I haven't seen mentioned: Who owns the box? Root on the box will have access to your file no matter what you do, and if they aren't a trusted entity, I would check all other avenues for before you even start considering how to secure the data itself. Most places know that there's money that needs to be spent when dealing with any sort of PII/HIPPA/FERPA data. It's the nature of it.
That said, (along with all the other valid points brought up by fellow monks above) have you considered using truecrypt? You could conceivably put your data in a container, mount the container with a key that you supply or only have access to, then unmount and shred the file if it doesn't need to lurk. If you go this route, I'd see about automating the rotation of keys so each time you have to update the data, you're using a different key each time.