Yes, this is a good approach. I'm assuming that it is OK for users to have their separated (and encrypted) data sets which do not need to be reconciled or joined across all the users? You can create separate databases and encrypt each of them based on some encryption pass-phrase entered by each user (such as a password they would have to enter to access and encrypt their data automatically), upon logging in to the application. You may want to implement some auto-logout to shut down the database when there is no activity after a period of time... Additionally, you can use GRANT/REVOKE (authorization) statements to enforce that only a particular user can have access to the data for a particular database (if this last one has not been closed when a user logs off - which of course should be taken care of by the application, ensuring the database gets closed upon inactivity or log off for a user).
Since it is an application shared across one single desktop, it should be fine as only one user will be able to use the application and open its encrypted database (with its data sets) to manipulate it. Of course, you can always add security at the OS level to reinforce access restriction to some database directory, as long as the Derby engine can have access to it...
Once again thanks for your responses.
I decided that my application will create a hidden directory with database files in the user's home directory at first use. This means that there will be separate databases for each user on a particular machine. This allows the database to be encrypted and prevents users from seeing each other's measurements.
Is this the right approach? I hope so ;)
Later on, I plan to create a server-side application (to keep track of many patients' measurements in the hospital) and then I will probably use JavaCards (I would like to thank Mr Francois Orsini for pointing it out).
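
The per-user encrypted database with inactivity shutdown discussed in this thread, as an added example that is not part of the original messages and is not Derby project code. The class name `UserStore`, the directory name `.measurements`, the 10-minute timeout and the choice of AES are assumptions; `dataEncryption`, `bootPassword`, `encryptionAlgorithm`, `create` and `shutdown` are Derby connection attributes.

```java
import java.nio.file.*;
import java.sql.*;
import java.util.Properties;
import java.util.concurrent.*;

/** Added example: one encrypted embedded Derby database per OS user, closed when idle. */
public class UserStore implements AutoCloseable {
    private static final long IDLE_MINUTES = 10;             // assumed timeout
    private final String url;
    private final Connection conn;
    private final ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
    private ScheduledFuture<?> pending;
    private boolean closed;

    public UserStore(char[] passphrase) throws Exception {
        // Hidden per-user directory; ".measurements" is a hypothetical name.
        Path dir = Paths.get(System.getProperty("user.home"), ".measurements");
        Files.createDirectories(dir);
        url = "jdbc:derby:" + dir.resolve("db");
        Properties p = new Properties();                      // keeps the passphrase out of the URL string
        p.setProperty("create", "true");                      // only takes effect on first use
        p.setProperty("dataEncryption", "true");
        p.setProperty("encryptionAlgorithm", "AES/CBC/NoPadding");
        p.setProperty("bootPassword", new String(passphrase)); // Derby requires at least 8 characters
        conn = DriverManager.getConnection(url, p);
        touch();
    }

    /** Call on every user action; restarts the inactivity countdown. */
    public synchronized Connection touch() {
        if (pending != null) pending.cancel(false);
        pending = timer.schedule(this::close, IDLE_MINUTES, TimeUnit.MINUTES);
        return conn;
    }

    /** Shuts the database down; it cannot be booted again without the passphrase. */
    @Override
    public synchronized void close() {
        if (closed) return;
        closed = true;
        timer.shutdown();
        try {
            conn.close();
            DriverManager.getConnection(url + ";shutdown=true");
        } catch (SQLException e) {
            // SQLState 08006 is how Derby reports a successful single-database shutdown.
            if (!"08006".equals(e.getSQLState())) throw new IllegalStateException(e);
        }
    }
}
```

Call `close()` from the application's log-off handler as well as relying on the timer, so the database never stays booted for the next person at the desktop.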