The amassing of data in any database brings with it attendant security risks. The extent of them I cannot comment on.
I would indicate that your concerns are connected to amendments that we have raised in our brief regarding the handling of data. Right now, the information-sharing powers within the Canadian government that would be enabled by Bill C-26, if passed unamended, are extremely broad.
One limit that we recommended, for example, is that the use of the information being shared should be constrained to cybersecurity objectives, and not piggybacked objectives that are layered on after the fact. Retention limits should be strictly defined to address the very concern that you're raising.
In that way, while there is understandably a need for some examination of critical information to enable that mandate to be fulfilled, it should be very strictly defined within the legislation itself.