It's an interesting one. It is, I think, worth further discussion.
For the recipient organization, I think they should collect only the information that's necessary for their operations, the information that relates to their statutory obligations related to threats to the security of Canada. As an example, if there was a written request for particular information and the head of that institution, which is listed in schedule 3 of the act, certified that the information was necessary for their lawful activities, and each request was subject to scrutiny and oversight, it would be a very significant improvement on the act.