Hi Craig,
I have faced the same issue in the past, and it is especially pronounced when the development work requires giving complete access to the server or all of the source code.
NDAs are very common with freelancers in the US, but if a NDA is signed with a semi-anonymous developer in a jurisdiction where enforcement is unrealistic makes it a difficult decision. One can try and work with IT shops rather than individual developers, but they often just re-outsource the work to individuals anyway.
Realistically, the options are to either trust the developer, or to try and give them small pieces of work, which then have to be re-assembled by an in-house developer. It also makes it difficult to outsource for server administration or the like.
In your particular case the best option would be to write scripts to obfuscate the sensitive data, or else prepare a smaller database containing only fictional data. If the work requires large datasets, consider adding the creation of dummy data as a work item.
Regards,
Sean