I fear you will have to let go of your current idea.
There is no security possible on QVDs. Everyone with the (freely downloadable) latest version of either QlikView or Qlik Sense can read the content if they have access to those QVDs.
The solution is easy:
Don't give people access to the folder that contains QVDs of which they should not have access.
To my knowledge, that is the only (and relatively easy) solution.
I might sugest useing the QMC controlls and setting up folder connections, this way you can control who has access to the HR data by way of granting / revoking access to the folder connection.
It's important to remember that when on the server, it's never the independent users actually accessing the data... but the Qlik service account (the account running the Qlik Sense Enterprise services on the server). So the service account can access ANYTHING on the server, you need to make sure the QMC is setup to only allow the appropriate users to have the service account go get that data on their behalf.
As far as i know it is not possible to do so using section access.
Your best option would be to separate the data in the QVD files by using a separate folder and allow only certain people from certain groups access to that connector.
Another option might be to use the NTFS security from Windows and restrict access to the folder using that security layer. Users within Qlik can't access those files without appropriate rights.