If I can jump in, I note from your remarks that SCISA provides a mechanism for proactive disclosure, and so it does provide a new authority to facilitate information-sharing.
We had Professors Roach and Forcese attend before us. They recommended that we adopt the Privacy Commissioner's recommendation to amend section 5 of SCISA to require that shared information be necessary or proportionate, and not simply relevant to the receiving institutions' security jurisdiction.
I wonder if you would agree, and if you wouldn't agree, why that would be a bad idea for your organizations.