What you shouldn't do is keep the encrypted data and the key on the same server, like you said; that's the same as those people putting post-it notes with usernames/passwords on their monitor.
The only thing I can come up with is just think up a password and let the user(s) type that password when they want to view the data. To prevent the user from having to type this password over and over again you could store it in a session. But make sure the session is cleaned up when the user logs out / is inactive for some time.
This of course opens the possibility of session hijacking; you might want to look into that. There are some counter-measures, but I haven't been able to come up with a water-tight solution thus far.
Note that when you want to use a new password you have to decrypt all the data, and then encrypt it with the new password.
Also note that users providing an incorrect password get garbage instead of the original data. AFAIK there is no way to check if the password the user entered is correct.
PS. If you do this, you should probably also use SSL (https), because otherwise it can still be sniffed (man-in-the-middle attack).
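
The scheme from the post above as an added example (not part of the original post): the key is derived from the typed password with scrypt and never stored, records are encrypted with AES-256-GCM, and a password change decrypts and re-encrypts every record. The function names, the record layout, and the choice of scrypt and GCM are assumptions made for this example; with GCM, a key derived from a different password fails the authentication tag check rather than yielding garbage.

```javascript
// Added example, not code from the original post. Uses only Node's built-in crypto module.
const nodeCrypto = require("crypto");

// Derive a 256-bit key from the password the user types.
// Only the random salt is stored on the server, never the password or the key.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Encrypt one record. Salt, IV and tag are not secret and are stored beside the ciphertext.
function encryptRecord(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const data = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), data };
}

// Returns the plaintext, or null when the GCM tag check fails
// (key derived from a different password, or stored data was modified).
function decryptRecord(password, rec) {
  const key = deriveKey(password, rec.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, rec.iv);
  decipher.setAuthTag(rec.tag);
  try {
    return Buffer.concat([decipher.update(rec.data), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

// Password change: decrypt everything with the old password, then re-encrypt with the new one.
// Nothing is re-encrypted unless every record opens, so a mistyped old password
// cannot leave the data set half-converted.
function changePassword(oldPassword, newPassword, records) {
  const plaintexts = records.map((rec) => decryptRecord(oldPassword, rec));
  if (plaintexts.includes(null)) {
    throw new Error("old password does not open every record");
  }
  return plaintexts.map((text) => encryptRecord(newPassword, text));
}
```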