Occasionally I will come across a requirement to allow for some CRM notes to be private and only readable by the person who creates them. In my opinion, this is generally a bad idea.
In CRM 2013 and 2015, the user interface for notes does not allow users to open the note form. They must be interacted with from the social pain (mis-spelling intentional). This interface does not give us access to share, run workflow, or any custom fields on the note record, and therefore limits the typical options that we will use to provide selective security to records.
The bigger issue is that by providing the ability for some notes to be private, it is very common for users to start marking all notes as private. The result will be that CRM will be a less collaborative platform, and what’s the point of putting data in CRM if I’m the only one that can see it?
If you must use private notes, my recommendation is to use a custom entity to hold the private notes, then set the permissions on that entity appropriately. But make sure that you set expectations and train your users that only truly private information should go there, so that the non-private data can still be viewed by all users.