Perhaps I'll start with the protections that exist, and then explain what this amendment would do over and above that.
There are already restrictions in the text on the ability to share confidential information, which would include personal information. Proposed subsection 15.7(1) has a prohibition on sharing information designated as confidential. Furthermore, proposed subsection 15.7(2) states that even sharing non-confidential information cannot be done if it is used for a purpose that would be penal. We've had some amendments today to further clarify the designation of personal information as confidential and the application of the Privacy Act.
What this amendment would do is specify that sharing any of the collected information with another party has a notification requirement that goes with it. It doesn't prohibit the sharing. It says we need to notify the parties. Given that personal information would already be restricted from being shared to begin with, we would be talking about notifying the telecom operators each time we share non-sensitive information with an ally. Essentially, we collect a range of information, such as the number of cyber-incidents over the past year and the causes of those incidents. Were we to share that information with an ally, we would then have to notify each of the telcos.
On the one hand, protections regarding personal information exist. On the other hand, it creates the unusual circumstance where we would be notifying the telecom community of international relations discussions.