I've answered my own question, more or less. We've decided to go with the EFS feature in Windows to keep the data encrypted at all times. We did not want the backup account to have the appropriate certificates to decrypt the data. By adding the backup account to the backup operators group, we were able to back up the encrypted data without being able to read it.
For anybody who tries this, please make sure to export your certificates. If your machine dies and you need to restore from backup, you will not be able to access any of your data without first importing the certificate from the old machine.