It's just that things are not always very clear, especially for the department that discloses the information and is not an expert on national security. I agree that, for the institution that discloses the information, the standard is a little more permissive. The new section 5 is not perfect, but it does the job. Its application ensures that the institution that discloses the information—the Department of Agriculture, for example, does not have many national security experts—feels empowered to do so. That's good.
When CSIS receives information, it must analyze it. It knows what it needs for its work and what is superfluous. After the analysis, CSIS should have not only the power but also the legal obligation to dispose of any information that it no longer needs for its work.