The security subsystem is exactly about the case you are describing. Create a role “Most of the users”, go to the attributes section and hide user and brunch attributes. Apply this role to that most of users, who are not allowed to see that information and magic will happen automatically when you login under one of those restricted users.
P.S. I would recommend going through the hands-on lab, that has a very detailed section about security setup process. It should not take longer than 2-3 hours of your time, but will show the most common basic approaches of the Platform.