Yeah, this is probably something along the lines of what we'll need to do.
Unfortunately, it's not a question of "the datacenter". Rather, it's a separate company that's providing data to us (and then we will have sub-contracts with other companies to do some of the servicing, but not all). We need to be able to demonstrate (should anyone ever ask) that the data we're providing to our subs is not plain-text readable by anyone here.
We don't have to say that we couldn't read it if we wanted to. We just say that we've got a Standard Operating Procedure (SOP) that says that we don't decrypt data which isn't for us. Hence, we're not particularly concerned with "stare-ability" - just the ciphering.
Btw, that was why I had the (subtle) invitation to golf a ciphering/deciphering algorithm which allowed for different "salts".