I'm interested in what data you're displaying, and how you are authenticating to whatever backend system it's on.
lastpass has a simple timeout - after x number of minutes it logs a user out, and thus nothing sensitive is shown on screen until a user reauthenticates. There's a Deactivate event on your main form you could use to hide when a user starts another app, and then when a user returns and it's under your timeout value redisplay the sensitive data.
Its "a need to know" look at data but hide from accidental viewing. I am doing pretty much what you stated on hiding the data but leaving app up with re-login showing data again. Hide key helps too with a timeout.