For starters, see "Editing record access privileges" in FileMaker Help and check out this particular sub section: "Entering a formula for limiting access on a record-by-record basis" for a detailed description of how to set this up.
Once you can get this to work for just FileMaker, you'll need to figure out how you want to manage accounts for those accessing the database from their web browser. (There's a help document on IWP that comes with FileMaker, have you read it? Look for it in the Product Documentation section of the Help menu.)
Thanks Phil, I've had a quick look at those resources but will need to dedicate some more time before I fully understand it. Can't risk opening the data up to all...