Sometimes transparency is a good remedy for a problem. Departments that process a large number of requests have established procedures for doing the sort of activity I describe—that is, for undertaking a risk assessment regarding a request or for undertaking consultations regarding sensitive or interesting requests. They have these things written down.
I suggested that if there is an internal procedure or guideline governing the operation of the law and affecting requester rights, that guideline or procedure should simply be published on their website. The website should say that these are the internal procedures used to process requests. If it's innocuous, there's no reason why that material could not simply be published on a departmental website. Privy Council Office could explain the processes it uses to deal with requests it calls “red files”.
The next step might then be to tell a requester that their request has been identified as a red file and is being treated in that way. I think the disclosure of information would help to avoid some of the awkwardness or confusion we may be seeing in the current discussions, and it would also encourage departments to use those practices parsimoniously.