If it is that important, it is worth paying for a service to protect it IMHO. If your place of work values what data it transfers, it should already have a mitigation process for encryption and data handling in place. I wouldn't expect your ISP to sell that data specifically, but it will likely be in a bulk report. No different than when you use your credit card, discount cards, membership cards, frequent flier miles, vehicle registration, cable TV service, POTS telephone services, etc...pretty much anything with a membership in the past several decades has already been doing what this new bill is going to let ISP's do now. It sucks, but really it's just more data on what you do...they probably don't want your work, but they do want to know what you search for, buy, when you buy it, what you window shop for, any metric that can be sold to other companies in the hopes of getting you to buy something you didn't need so they all make a profit. That's what it's all about in the end...and it sucks.
If you want to anonymize your browsing pattern, look into Tor more. I don't use it often, but even there you're not 100%. 100% would be simply unplugged from the Internet. Even then your digital fingerprints would take some time to fade, years or even decades.
PIA has been solid in my experience and testing, but like many other providers they can and may eventually be forced to hand over their encryption keys which makes the service useless. For now though I haven't read or seen any issues with that or a few of the close competitors I researched before renewing this year. Frankly I'm very happy with the service, and $40/yr is pretty affordable for a VPN service.
Tunneling your network traffic through an encrypted VPN service on IPSEC or OVPN using AES256 encryption, with at least 2048-bit or higher handshake and SHA256 validation is what I would recommend if you go with any VPN.
If your guy's data is truly needing to be secure, a site-to-site VPN between you and them is critical. Not knowing if you work remotely, if you do, this is what I'd suggest. That or what is called a road warrior VPN (where you run software to connect to a VPN tunnel service, how I connect to my OVPN server at home or connect to PIA) if you travel. That or if you do regular data transfer services to specific vendors, setting up a VPN agreement with them would be highly suggested.
Another option is to compress and encrypt the data you're transferring, I use that with 7Zip and passworded AES256 encryption. Though depending on package sizes this could be a challenge...but you could go with a cloud storage service (many, if not all...grab data metrics about what they can access...and have since the start).
What you might be afraid of losing is likely already been seen or indexed in one form or another...but you can empower yourself and at least make it more of a pain in the ass to see what the hell you're doing. Tor and VPN's are options, encryption is the key. Transferring encrypted documents and containers over an encrypted VPN would be a very good way to go as well.
If you wanna hide, you're gonna have to work at it...there is no easy and free solution. How much is your data worth to you? Definitely weigh that in if you decide to cheap out on a solution that isn't good enough. Sounds like you might not go VPN anyways...hopefully you can find a solution that suits your needs. VPN's are great though, I've setup dozens for various clients...these VPN services come and go... but in business, if you have a good business relationship...a VPN agreement is really the way to go IMHO. Dedicated storage, subnets, and routing rules to limit access beyond a specified area, a secure encrypted tunnel between sites...but in some cases that isn't an option.
Good luck and keep us posted on what you decide.