We have a folder structure like this:
Each project/task is tagged with a folder from each of these categories (Company A, Location B, IT, 2017). If a task is sensitive, a user should only be able to see it if they have access to all folders tagged on that task/project.
ie: 'Let Employee X Go' is tagged with Company A, Location B, HR, 2017. If a user does not have access to HR, they should not see the task in the Company A, Location B or 2017 folder.