Think like how PGP works. The secret data can be encoded with a session key unique to that data, and the key to decrypt that data is then encrypted using the actual user key. Done that way, all you need is a second copy of the decryption key, this time encrypted by the designee's key. It can also be flagged as a one-time-use-only key, which when successfully decrypted can be destroyed.