For now it would be up to agencies like CSIS and the RCMP to characterize their shares. If they tell you that they've shared 18 times, it's up to them to generate that output based on whatever the sharing was. There's actually no established rule for saying what constitutes a sharing of information. They could reveal the entire content of a database and call that one instance of sharing.
On December 8th, 2016. See this statement in context.