If you’re a resident of Nova Scotia, you’ve likely encountered two terms, PIIDPA and FOIPOP, when trying to access your personal information or public records. While both laws deal with information, privacy, and government accountability, they serve different purposes.
Whether you’re requesting your hospital records, checking if your data is stored outside Canada, or simply trying to understand your rights, it’s important to know which law applies to your situation and when to use it.
This blog post explains the key differences between PIIDPA and FOIPOP, how they work together, and real-world scenarios in which you might file one, the other, or both.
What Is FOIPOP?
FOIPOP stands for the Freedom of Information and Protection of Privacy Act. It’s Nova Scotia’s primary legislation that gives individuals the right to access records held by public bodies and protects personal privacy in how public bodies collect, use, and disclose information.
Originally enacted in 1993, FOIPOP applies to a wide range of government institutions, including:
- Provincial government departments
- Municipal governments
- Health authorities
- Public universities and school boards
What are the Key Features of FOIPOP?
FOIPOP is a powerful tool if you’re looking to understand what a government organization knows about you, or to access internal documentation that impacts public services, decision-making, or accountability.
It enables individuals to request any record (emails, reports, policies, etc.) held by a public body and protects Nova Scotian residents’ personal information from being improperly collected or shared. It applies only to information inside Canada and requires public bodies to respond to access requests within 30 days.
What Is PIIDPA?
PIIDPA, or the Personal Information International Disclosure Protection Act, is a more targeted privacy law enacted in 2006. It was created in response to the growing use of cloud services, global vendors, and cross-border data transfers by public sector organizations.
PIIDPA focuses specifically on:
- Preventing unauthorized storage or access to personal information outside Canada.
- Allowing individuals to request records of international disclosures.
- Ensuring public bodies protect data sovereignty and follow rules when using non-Canadian service providers.
PIIDPA is especially important in today’s digital era, where public institutions often rely on foreign software providers and cloud platforms headquartered in the United States, Europe, or other jurisdictions.
What are the Key Features of PIIDPA?
PIIDPA prohibits public bodies from storing or disclosing personal information outside Canada without authorization and applies to foreign access as well as foreign storage. It requires written records of all international disclosures and allows individuals to request those records from public bodies.
Want a plain-language explanation of this law? Read our blog post on what PIIDPA is.
PIIDPA vs FOIPOP: What’s the Difference?
Here’s how these two laws compare across key categories:
| Category | FOIPOP | PIIDPA |
| --- | --- | --- |
| Purpose | Transparency, access to records, and personal privacy. | Protection of personal data when disclosed or stored outside Canada. |
| Scope | All government records and personal information. | Only personal information that has left or been accessed from outside Canada. |
| Use Case | You want access to internal records or general info held by public bodies. | You want to know if your personal info is stored or processed internationally. |
| Applies To | All public bodies in Nova Scotia. | All public bodies in Nova Scotia. |
| Key Powers | Right to access, request corrections, and limit improper use. | Right to know if your info was sent outside Canada; restrictions on foreign storage. |
| Type of Request | Broad: records, memos, reports, policies, and personal data. | Narrow: only disclosure or access of personal data across borders. |
When Should You Use Each Law?
Let’s break this down into common real-life examples:
Use FOIPOP When:
- You want to access your medical records or student file.
- You’re seeking copies of meeting minutes or internal reports.
- You want to know how your personal data was collected or used.
Use PIIDPA When:
- You want to confirm if your personal information was stored abroad.
- You suspect a public body is using U.S.-based cloud platforms.
- You want to request a record of international disclosures.
Tip: It’s common (and recommended) to submit both requests together to get a complete picture of how your data has been handled.
How FOIPOP and PIIDPA Work Together
These laws are complementary tools in protecting your information rights. FOIPOP covers general access and privacy. PIIDPA adds geographic limits and international safeguards.
By using them together, you can:
- Access your personal records (FOIPOP).
- Discover if they were sent abroad (PIIDPA).
- Hold public bodies accountable for international data use.
How to File a PIIDPA Request
Both PIIDPA and FOIPOP requests can be submitted to the Information Access & Privacy Services team within Nova Scotia’s Department of Justice.
You’ll need:
- A written request (use the appropriate forms).
- Basic identifying information.
- A clear description of what you’re requesting.
Need help getting started? Use this step-by-step walkthrough: How to File a PIIDPA Request in Nova Scotia.
Why This Matters in 2025 and Beyond
With more public bodies relying on digital tools, remote work platforms, and international vendors, understanding how your data is stored, processed, and protected is more important than ever. Together, FOIPOP and PIIDPA help Nova Scotians stay informed, protect their privacy, and ensure public institutions remain accountable.
Why Carbide is the Trusted Compliance Partner for Nova Scotia Organizations
As a company proudly headquartered in Nova Scotia, Carbide understands our province’s regulatory landscape, including the dual responsibilities created by PIIDPA and FOIPOP. Our platform is purpose-built to help both public and private sector organizations operationalize data protection and manage compliance with provincial and international privacy laws and security standards by building a security-first culture.
Whether you’re navigating cross-border data disclosures under PIIDPA or responding to FOIPOP access requests, Carbide provides the tools, policies, and workflows to ensure you’re always audit-ready and fully accountable with built-in support for Canadian privacy laws and others like HIPAA or GDPR.
Learn more about how Carbide can help your organization simplify compliance by getting a free consultation with our security experts.
Can I ask where my data is stored?
Yes. You have the right to request this information from a public body using a PIIDPA access request.
What if my data was shared without my consent?
You can file a complaint with the Information and Privacy Commissioner for Nova Scotia.
Who can make a PIIDPA request?
Any individual concerned about their personal information held by a Nova Scotia public body can file a request.
How long does it take to process a PIIDPA request?
Response times vary, but acknowledgment is usually sent within 30 days.
Can I combine a PIIDPA request with a FOIPOP request?
Yes. In fact, many requests involve overlapping concerns: one about access (FOIPOP) and one about cross-border storage (PIIDPA).
Is PIIDPA limited to government agencies?
Yes, PIIDPA applies to Nova Scotia’s public bodies, not private businesses.