To my mind, it would actually be impossible to legislate, for example, a precise list of how exactly CSIS is meant to share every form of intelligence on a scale of most-to-least reliable with every possible public, private and civil body that it now can. Rather, I would see it as falling within regulations, and they would be more in terms of guidance for CSIS rather than a prescriptive list.
Depending on the nature of the intelligence, you would almost have to imagine a situation where if there is an entity like a university or a corporation, for example, it would have to have basically an employee or designated office to receive intelligence information. Perhaps in exchange for working with CSIS, it would have to submit basically what its information management plan is, to become a formal partner ongoing.