I guess what you're asking is whether or not the standard should be more forgiving of sharing information—I'm using “information” to include data—or less forgiving of sharing. Again, it comes back to a question of balance.
From my perspective, if this is a national security piece of legislation, which I gather it is, we ought to marry up the definitions for the national security agency. They ought to be harmonized and rationalized to the service mandate. As for whether it should be based on necessity or relevancy, the service should only share it if it's necessary and should only use it if it's necessary. The service should have a necessity requirement built in. So too should the agencies that are sending information.