add another condition to the where clause:
AND UserID = paramUserID
Variable
Name:paramUserID
Type: int
Default value: -1
Run Time Value: $_SESSION['SecurityAssist_UserID']
that way if they change the URL parameter, it wont show the record unless it is theirs.