Not sure if this will help any but here is a situation I dealt with.
Last time I had a situation like this I changed the directory structure to act like a wall such as
Datalocation->
- Folder 1 -> Access to users
- Folder 2 -> Access to users
- Folder 3 -> Confidential Data beyond this point ( set CHMOD ) to disallow access to all files here to those who shouldnt have access
https://en.wikipedia.org/wiki/Chmod