Rather than sending and storing plain text in a smart contract, the use case objective is to encrypt first and then subsequently access the data and decrypt at the point of use.
What is the most effective and efficient way of achieving this data security, ideally using web3js?
Since all transactions and data on the blockchain are public, you need to encrypt the data outside of Ethereum and insert the already encrypted data. Similarly you need to pull the encrypted data and decrypt it locally. I'm sure there are a lot of crypto libraries for javascript that will allow you to do this, web3 I doubt contains such functionality as it's out of scope for it.
eth-crypto provides cryptographic JavaScript functions, such as encrypting data with the public key and decrypting it with the private key.
