Privacy & Security Services in Nova Scotia
End-to-end privacy and security support for organizations in Nova Scotia.
Nova Scotia businesses engaged in commercial activity are governed by the federal Personal Information Protection and Electronic Documents Act, PIPEDA, with oversight from the Office of the Privacy Commissioner of Canada. The province has not enacted a general private-sector privacy law, so PIPEDA's framework — ten fair information principles covering the full lifecycle of personal information handling — applies broadly across industries. Privacy complaints from Nova Scotians about how private-sector organizations handle their information go to the federal commissioner, who can investigate, mediate, and make findings.
Health-sector organizations in Nova Scotia operate under an additional layer of obligation. Nova Scotia's Personal Health Information Act, PHIA, governs how custodians in the health sector — a defined category that includes hospitals, physicians, and other healthcare providers — collect, use, disclose, retain, and destroy personal health information. The statute is recognized as substantially similar to PIPEDA for health information custodians, and oversight sits with the Office of the Information and Privacy Commissioner for Nova Scotia. PHIA gives individuals access and correction rights and confers on the Review Office meaningful powers to investigate complaints and audit compliance. Outside the defined custodian category, general commercial activity in Nova Scotia remains under federal PIPEDA.
Privacy Horizon serves Nova Scotia organizations across the full range of privacy and security work their obligations require. For PIPEDA-governed businesses — the majority of the private sector — our work includes privacy impact assessments, gap analyses against the ten principles and related regulatory expectations, and compliance programs that build genuine accountability rather than paper-based compliance. For health-sector custodians under PHIA, we bring familiarity with the statute and how Nova Scotia's IPC has applied it in practice. Our on-call advisory gives Nova Scotia organizations access to senior expertise when time-sensitive decisions arise — a new data sharing arrangement, an incident with breach notification implications, a vendor contract that raises collection scope questions. We round out our service offering with staff and leadership training tailored to the regulatory obligations that Nova Scotia organizations actually face.
Privacy & security regulation in Nova Scotia
Regulator: Office of the Information and Privacy Commissioner for Nova Scotia
In Nova Scotia, private-sector businesses are governed by Canada's federal privacy law, PIPEDA, overseen by the Office of the Privacy Commissioner of Canada. Personal health information held by custodians is separately governed by the Personal Health Information Act (PHIA), with oversight by the Office of the Information and Privacy Commissioner for Nova Scotia.
PIPEDAPersonal Information Protection and Electronic Documents Act
PIPEDA is Canada's federal private-sector privacy law. It sets out ten fair information principles governing how organizations collect, use, and disclose personal information in the course of commercial activity. It applies wherever a province has not enacted substantially similar legislation — and, even in provinces that have (Alberta, British Columbia, Québec), it continues to apply to federally regulated businesses such as banks, airlines, and telecommunications, and to personal information that flows across provincial or national borders.
PHIA (Nova Scotia)Personal Health Information Act (Nova Scotia)
Nova Scotia's health-sector privacy law governing the collection, use, disclosure, retention and destruction of personal health information by custodians. It is deemed substantially similar to PIPEDA for health information custodians, and gives individuals access, correction and review rights. Oversight is by the Office of the Information and Privacy Commissioner for Nova Scotia (the Review Office). General commercial activity outside the health sector is governed by federal PIPEDA.
What Privacy & Security includes
From assessments to compliance programs and ongoing advisory, we provide the full range of privacy and security support organizations need under Canadian law.
Assessments
Privacy impact assessments, threat & risk assessments, and gap analysis.
Compliance Programs
Guided programs to reach and maintain compliance.
Advisory
On-call senior privacy and security guidance.
Training
Practical training for staff and leadership.
Health-sector compliance under Nova Scotia's PHIA
Nova Scotia's PHIA creates obligations for health-sector custodians that operate in parallel to, and in some respects distinctly from, the PIPEDA framework that governs the rest of the private sector. Custodians need clear policies for the collection, use, and disclosure of personal health information, documented processes for responding to individual access and correction requests, and incident response procedures aligned to the IPC's oversight expectations. Privacy Horizon supports Nova Scotia health-sector organizations through privacy impact assessments, policy development, and compliance advisory grounded in PHIA's specific requirements.
PIPEDA compliance across Nova Scotia's commercial sector
For the broad majority of Nova Scotia businesses, PIPEDA is the law that governs their handling of customers', employees', and clients' personal information. Getting that compliance right means more than having a privacy policy — it means accountability, meaningful consent, data minimization, safeguards proportionate to the sensitivity of the information, and the ability to respond to access requests and complaints. Privacy Horizon designs compliance programs that reflect how Nova Scotia organizations actually operate, not how an abstract regulatory framework imagines they do.
Other services in Nova Scotia
Privacy & Security elsewhere
What's Protecting Your Business from the Next Threat?
Don't wait for a breach to expose your vulnerabilities. Let Privacy Horizon secure your data, ensure compliance, and build lasting trust.

