If you’ve ever wondered how your personal information is protected when it leaves Canada, or even whether it should leave at all, then you’re asking a question that Nova Scotia’s PIIDPA law was designed to answer.
Whether you’re a resident curious about your privacy rights or a public sector professional trying to understand your legal obligations, this post breaks down the Personal Information International Disclosure Protection Act (PIIDPA) in clear, plain language.
What is PIIDPA?
The Personal Information International Disclosure Protection Act (PIIDPA) is a Nova Scotia law that regulates how personal information collected by public bodies is handled when it is stored, disclosed, or accessed outside of Canada.
In short, PIIDPA is about keeping your personal information safe, especially when it crosses borders. Enacted in 2006, PIIDPA sets out rules to protect Nova Scotians’ privacy in an era when cloud computing, international service providers, and digital globalization made cross-border data flows increasingly common.
Why Was PIIDPA Introduced?
The rise of cloud services meant that public institutions in Nova Scotia, from hospitals to universities to government departments, were beginning to use vendors with data centers in the United States, Europe, and other countries.
But storing data outside Canada comes with risks:
- Other countries have different (often weaker) privacy laws.
- Foreign governments may have access to your data under their own legislation (e.g., the U.S. CLOUD Act).
- You may not be notified when your personal information is accessed, moved, or breached.
PIIDPA was created to address these risks by ensuring that:
- Personal information stays in Canada unless strictly necessary.
- Any international disclosures are tracked, justified, and documented.
- Individuals can request information about how their data has been stored or shared abroad.
Who Does PIIDPA Apply To?
PIIDPA applies to all public bodies in Nova Scotia, including:
- Provincial government departments
- Municipalities and town councils
- Health authorities and hospitals
- Universities, colleges, and public schools
- Crown corporations and government-funded organizations
If any of these organizations handle your personal data, especially if they use vendors or platforms hosted outside Canada, PIIDPA is the law they must follow.
What Does PIIDPA Count as Personal Information?
Under PIIDPA, “personal information” includes anything that can identify you as an individual. This may include:
- Your name, address, or phone number.
- Your health records or education history.
- Government IDs like your MSI number or SIN.
- Any other data that can reasonably be linked to you.
If this information is disclosed, stored, or accessed outside Canada, even temporarily, it may fall under PIIDPA’s jurisdiction.
What Are My Rights Under PIIDPA?
Nova Scotians have the right to:
- Know if their data is stored or accessed outside Canada.
- Request access to a record showing how their personal data has been disclosed internationally.
- Receive a response from the public body within a reasonable time.
You do not have to be a lawyer or tech expert to use PIIDPA. The process is open to the public and can be initiated with a formal written request. Want to see what data about you has been stored or disclosed internationally? Read our guide on how to file a PIIDPA request.
How is PIIDPA Different from FOIPOP?
Many people confuse PIIDPA with Nova Scotia’s other key privacy law: FOIPOP (Freedom of Information and Protection of Privacy).
Here’s how they differ:

| PIIDPA | FOIPOP |
| --- | --- |
| Focuses on international disclosures of personal info. | Focuses on general access to information. |
| Protects data when it crosses borders. | Protects your right to access government records. |
| Applies to public bodies’ IT/data infrastructure. | Applies to public bodies’ records and decision-making. |
They are often used together, especially if you want to understand how your information has been handled both within and outside of Canada.
Why Should You Care About PIIDPA?
If you’ve:
- Applied for government services.
- Been admitted to a public hospital.
- Attended a Nova Scotia public university.
- Filled out forms for a public school or city office.
…then your personal data is likely stored somewhere, and potentially even in a different country.
Understanding PIIDPA empowers you to:
- Protect your privacy.
- Ask the right questions.
- Hold public bodies accountable.
PIIDPA in a Global Data World
In today’s digital world, data moves fast and often far beyond borders. PIIDPA ensures that Nova Scotians don’t lose visibility or control over their personal information just because a government office uses an American cloud vendor.
Whether you’re a citizen, a student, or a public sector employee, being informed about PIIDPA helps you stay on top of your data rights.
PIIDPA vs. PIPEDA: Don’t Confuse the Two
It’s easy to mix up PIIDPA and PIPEDA because their names are nearly identical, but they serve different purposes.
PIIDPA (Nova Scotia’s Personal Information International Disclosure Protection Act) applies specifically to public bodies in Nova Scotia and governs how they handle personal information stored or accessed outside of Canada.
On the other hand, PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act) is a federal privacy law that applies to private-sector organizations engaged in commercial activities across most of Canada.
If you’re looking for information about business obligations under other Canadian federal and provincial privacy laws, explore our guides to:
- What is PIPEDA? An Overview of the Canadian Data Privacy Law
- Quebec’s Law 25: What You Need To Know To Comply
Understanding which law applies helps you make the right kind of access request and ensures your personal information is handled appropriately under the right legal framework.
Can I ask where my data is stored?
Yes. You have the right to request this information from a public body using a PIIDPA access request.
What if my data was shared without my consent?
You can file a complaint with the Information and Privacy Commissioner for Nova Scotia.
Who can make a PIIDPA request?
Any individual concerned about their personal information held by a Nova Scotia public body can file a request.
How long does it take to process a PIIDPA request?
Response times vary, but acknowledgment is usually sent within 30 days.
Can I combine a PIIDPA request with a FOIPOP request?
Yes. In fact, many requests involve overlapping concerns: one about access (FOIPOP) and one about cross-border storage (PIIDPA).
Is PIIDPA limited to government agencies?
Yes, PIIDPA applies to Nova Scotia’s public bodies, not private businesses.