I would agree with that.
The problem we have right now with our current review structure is that we have three specialized national security bodies that are stovepiped to three different agencies that are constrained in their ability to coordinate. Then we have the Privacy Commissioner, who has a limited subject matter jurisdiction across all of government. Trying to get those bodies to work together would require some substantial reweaving of the existing law, but more than that, we have to ask what we would accomplish at the end if we empowered the Privacy Commissioner to perform this siloed subject matter jurisdiction in relation to simply information sharing.
I would echo Professor Roach's comment that information sharing is going to be intertwined with operational considerations that are specific to national security, and having a dedicated national security reviewer looking at the information sharing probably is more advantageous than using the Privacy Commissioner.