Through collection, the CSE can gather a lot of information. It's sort of the same dynamic as CSIS and the concept of dataset.
The starting point allows for a fairly vast collection of information. However, not only does a provision, clause 25, require the CSE to enforce measures to protect privacy, but those measures are clearly defined elsewhere in the bill, in clauses 35 and 44 as well as other clauses.
Not only does the CSE have a general duty to protect privacy, but privacy is very clearly defined in some provisions. Once again, this ultimately leads us to the following conclusion: the information must be essential to the CSE's mandate before CSE analyzes, stores, uses and exploits the information.
Once again, we are working with the test of necessity. I would even say strict necessity, when we talk about what is essential to the CSE's mandate.