CHAPTER 3
OF THE
ACTS OF 2006
An Act to Protect the Personal
Information of Nova Scotians
from Disclosure Outside Canada
Short title
1This Act may be cited as the Personal Information International Disclosure Protection Act. 2006, c. 3, s. 1.
Interpretation
(a)"affiliate" means an affiliate within the meaning of the Companies Act;
(b)"associate" means, in relation to a service provider,
- (i)an officer, director or partner of the service provider,
(ii)an affiliate of the service provider,
(iii)a subcontractor, or further subcontractor, of the service provider or an affiliate of the service provider, and
(iv)an employee, officer, director or partner of an affiliate referred to in subclause (ii) or of a subcontractor or further subcontractor referred to in subclause (iii),
to or through whom access is made available to personal information that is held because of the service provider's status as a service provider;
(c)"employee", in relation to a public body, includes
(d)"foreign demand for disclosure" means a subpoena, warrant, order, demand or request that is
- (i)from a foreign court, an agency of a foreign state or another authority outside Canada, and
(ii)for the unauthorized disclosure of personal information to which this Act applies;
(e)"head", in the case of a public body that is a municipality, means the responsible officer as defined by Part XX of the Municipal Government Act;
(f)"public body" means a public body as defined by the Freedom of Information and Protection of Privacy Act and includes a municipality as defined by Part XX of the Municipal Government Act;
(g)"service provider" means a person who
- (i)is retained under a contract to perform services for a public body, and
(ii)in the course of performance of the services, uses, discloses, manages, stores or accesses personal information in the custody or under the control of a public body;
(h)"unauthorized disclosure of personal information" means the disclosure, production or provision of access to personal information to which this Act applies if that disclosure, production or access is not authorized by this Act.
(2)Subject to subsection (1), words and expressions have the same meaning as in the Freedom of Information and Protection of Privacy Act.
(3)Where there is a conflict between this Act and any other enactment, this Act prevails over the other enactment. 2006, c. 3, s. 2.
Application of Act to persons
(b)all directors, officers and employees of a public body;
(c)all employees and associates of a service provider; and
(d)for greater certainty, the Conflict of Interest Commissioner appointed pursuant to the Conflict of Interest Act, the Ombudsman appointed pursuant to the Ombudsman Act and the Review Officer appointed pursuant to the Freedom of Information and Protection of Privacy Act, their employees and, in relation to their service providers, the employees and associates of those service providers, as if those officers and their offices were public bodies. 2006, c. 3, s. 3; 2010, c. 35, s. 43.
Application of Act to records
4(1)This Act applies to all records in the custody or under the control of a public body, including court administration records.
(2)Notwithstanding subsection (1), this Act does not apply to
(a)published material or material that is available for purchase by the public;
(b)material that is a matter of public record;
(c)a record in a court file, a record of a judge of the Nova Scotia Court of Appeal, Supreme Court of Nova Scotia, Family Court for the Province of Nova Scotia or Provincial Court of Nova Scotia, a judicial administration record or a record relating to support services provided to the judges of those courts;
(d)a note, communication or draft decision of a person acting in a judicial or quasi-judicial capacity;
(e)a record of a question that is to be used on an examination or test;
(f)material placed in the custody of the Public Archives of Nova Scotia by or for a person, agency or other organization, other than a public body;
(g)material placed in the archives of a public body by or for a person, agency or other organization other than the public body; or
(h)a record relating to a prosecution if all proceedings in respect of the prosecution have not been completed.
(a)limit the information otherwise available by law to a party to litigation in Canada including a civil, criminal or administrative proceeding;
(b)affect the power of any court or tribunal in Canada to compel a witness to testify or to compel the production of documents;
(c)prevent access to records maintained in a public office for the purpose of providing public access to information; or
(d)restrict disclosure of information for the purpose of a prosecution in Canada. 2006, c. 3, s. 4.
Information to be stored and accessed in Canada
5(1)A public body shall ensure that personal information in its custody or under its control and a service provider or associate of a service provider shall ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, unless
(a)where the individual the information is about has identified the information and has consented, in the manner prescribed by the regulations, to it being stored in or accessed from, as the case may be, outside Canada;
(b)where it is stored in or accessed from outside Canada for the purpose of disclosure allowed under this Act; or
(c)the head of the public body has allowed storage or access outside Canada pursuant to subsection (2).
(2)The head of a public body may allow storage or access outside Canada of personal information in its custody or under its control, subject to any restrictions or conditions the head considers advisable, if the head considers the storage or access is to meet the necessary requirements of the public body's operation.
(3)Where the head of a public body makes a decision pursuant to subsection (2) in any year allowing storage or access outside Canada, the head shall, within ninety days after the end of that year, report to the Minister all such decisions made during that year, together with the reasons therefor.
(4)In providing storage, access or disclosure of personal information outside Canada, a service provider shall only collect and use such personal information that is necessary to fulfill its obligation as a service provider, and shall at all times make reasonable security arrangements to protect any personal information that it collects or uses by or on behalf of a public body. 2006, c. 3, s. 5.
Foreign demand for disclosure
6(1) Where a public body, an employee of a public body or an employee or associate of a service provider
(a) receives a foreign demand for disclosure;
(b)receives a request to disclose, produce or provide access to personal information to which this Act applies and the public body, employee or associate of a service provider receiving the request
- (i)knows that the request is for the purpose of responding to a foreign demand for disclosure, or
(c) has reason to suspect that unauthorized disclosure of personal information has occurred in response to a foreign demand for disclosure,
the head of the public body, the employee of the public body or the employee or associate of a service provider, as the case may be, shall immediately notify the Minister.
(2)The notice pursuant to subsection (1) must include, as known or suspected,
(a)the nature of the foreign demand for disclosure;
(b)who made the foreign demand for disclosure;
(c)when the foreign demand for disclosure was received; and
(d)what information was sought by or disclosed in response to the foreign demand for disclosure. 2006, c. 3, s. 6.
Protection of employees
7(1)In this Section, "employer" includes the persons referred to in clause 3(c).
(2)An employer, who is a service provider or an associate of a service provider, shall not dismiss, suspend, demote, discipline, harass or otherwise disadvantage an employee of the employer, or deny that employee a benefit, because
(a)the employee, acting in good faith and on the basis of reasonable belief, has notified the Minister pursuant to Section 6;
(b) the employee, acting in good faith and on the basis of reasonable belief, has disclosed to the Minister that the employer or any other person has contravened or is about to contravene this Act;
(c) the employee, acting in good faith and on the basis of reasonable belief, has done or stated an intention of doing anything that is required to be done in order to avoid having any person contravene this Act;
(d)the employee, acting in good faith and on the basis of reasonable belief, has refused to do or stated an intention of refusing to do anything that is in contravention of this Act; or
(e)the employer believes that an employee will do anything described in clause (a), (b), (c) or (d). 2006, c. 3, s. 7.
Prohibition on disclosure
8A person referred to in Section 3 who has access, whether authorized or unauthorized, to personal information in the custody or under the control of a public body, shall not disclose that information except as authorized pursuant to this Act. 2006, c. 3, s. 8.
Disclosure outside Canada
9(1)A public body shall ensure that personal information in its custody or under its control and a service provider or associate of a service provider shall ensure that personal information in its custody or under its control is disclosed outside Canada only as permitted pursuant to this Section.
(2)A public body, service provider or associate of a service provider may disclose outside Canada personal information in its custody or under its control
(a) in accordance with this Act;
(b) where the individual the information is about has identified the information and consented, in writing, to its disclosure inside or outside Canada, as the case may be;
(c)in accordance with an enactment of the Province, the Government of Canada or the Parliament of Canada that authorizes or requires its disclosure;
(d) in accordance with a provision of a treaty, arrangement or agreement that
- (i)authorizes or requires its disclosure, and
(ii)is made under an enactment of the Province, the Government of Canada or the Parliament of Canada;
(e) to the head of the public body, if the information is immediately necessary for the performance of the duties of the head;
(f) to a director, officer or employee of the public body or to the head of the public body, if the information is immediately necessary for the protection of the health or safety of the director, officer, employee or head;
(g) to the Attorney General or legal counsel for the public body, for use in civil proceedings involving the Government of the Province or the public body;
- (i) collecting moneys owing by an individual to Her Majesty in right of the Province or to a public body, or
(ii) making a payment owing by Her Majesty in right of the Province or by a public body to an individual;
- (i)licensing or registration of motor vehicles or drivers, or
(ii)verification of motor vehicle insurance, motor vehicle registration or drivers' licences;
(j)where the head of the public body determines that compelling circ*mstances exist that affect anyone's health or safety;
(k)so that the next of kin or a friend of an injured, ill or deceased individual may be contacted; or
(l)in accordance with Section 10 or 11.
(3) In addition to the authority pursuant to this Section, a public body that is a law enforcement agency may disclose personal information in its custody or under its control to
(a) another law enforcement agency in Canada; or
(b) a law enforcement agency in a foreign country under an arrangement, a written agreement, a treaty or an enactment of the Province, the Government of Canada or the Parliament of Canada.
(4)The head of a public body may allow a director, officer or employee of the public body to transport personal information outside Canada temporarily if the head considers it is necessary for the performance of the duties of the director, officer or employee to transport the information in a computer, a cell phone or another mobile electronic device. 2006, c. 3, s. 9.
Disclosure for research
10A public body may disclose outside Canada personal information for a research purpose, including statistical research, if
(a)the research purpose cannot reasonably be accomplished unless that information is provided in individually identifiable form;
(b)any record linkage is not harmful to the individuals that information is about and the benefits to be derived from the record linkage are clearly in the public interest;
(c)the head of the public body concerned has approved conditions relating to
- (i)security and confidentiality,
(ii)the removal or destruction of individual identifiers at the earliest reasonable time, and
(iii)the prohibition of any subsequent use or disclosure of that information in individually identifiable form without the express authorization of that public body; and
(d)the person to whom that information is disclosed has signed an agreement to comply with the approved conditions, this Act and any of the public body's policies and procedures relating to the confidentiality of personal information. 2006, c. 3, s. 10.
Disclosure by Public Archives
11The Public Archives of Nova Scotia, or the archives of a public body, may disclose outside Canada personal information for archival or historical purposes where
(a)the disclosure would not be an unreasonable invasion of personal privacy;
(b)the disclosure is for historical research and is in accordance with Section 10;
(c)the information is about someone who has been dead for twenty or more years; or
(d)the information is in a record that is in the custody or control of the archives and open for historical research on the coming into force of this Act. 2006, c. 3, s. 11.
Offence and penalties
12Every director, officer or employee of a public body, other than a service provider or an employee or an associate of the service provider, who maliciously discloses personal information in contravention of this Act or the regulations is guilty of an offence and liable on summary conviction to a fine of not more than two thousand dollars or to imprisonment for six months, or both. 2006, c. 3, s. 12.
Offences and penalties for service providers
13(1)A service provider, or an employee or associate of a service provider, who, in relation to personal information that is held because of the service provider's status as a service provider,
(a)contrary to subsection 5(1), stores or allows access to personal information to which that subsection applies;
(b)contrary to subsection 5(4), collects or uses personal information to which that subsection applies or fails to make reasonable security arrangements to protect that information; or
(c)contravenes Section 6, 7, 8 or 9,
(2) Where a corporation is guilty of an offence under this Section, an officer, director or agent of the corporation who authorizes, permits or acquiesces in the commission of the offence is also guilty of an offence, whether or not the corporation is prosecuted for the offence.
(3)A person who is guilty of an offence under this Section is liable on summary conviction to
(a)in the case of an individual, other than an individual who is a service provider, a fine of not more than two thousand dollars;
(b) in the case of an individual who is a service provider, a fine of not more than twenty-five thousand dollars; or
(c)in the case of a corporation, a fine of not more than five hundred thousand dollars.
(4) A prosecution for an offence contrary to this Section may not be commenced more than
(a)one year after the date on which the act or omission that is alleged to constitute the offence occurred; or
(b)where the Minister issues a certificate described in subsection (5), one year after the date on which the Minister learned of the act or omission referred to in clause (a),
(5) A certificate purporting to have been issued by the Minister responsible for this Act certifying the date referred to in clause (4)(b) is proof of that date.
(6)In a prosecution for an offence under this Section, it is a defence for the person charged to prove that the person exercised due diligence to avoid the commission of the offence. 2006, c. 3, s. 13.
Summary Proceedings Act
14Section 4 of the Summary Proceedings Act does not apply to this Act. 2006, c. 3, s. 14.
Regulations
15(1)The Governor in Council may make regulations
(a)prescribing requirements to be met with respect to disclosures of information to law enforcement agencies or investigative bodies;
(b)prescribing the manner of consent to personal information being stored in or accessed from outside Canada as required by clause 5(1)(a);
(c)prescribing the form and content of a report required by subsection 5(3);
(d)prescribing forms for the purpose of this Act;
(e)for any purpose contemplated by this Act;
(f)defining any word or expression used but not defined in this Act;
(g)enlarging or restricting the meaning of any word or expression defined in this Act;
(h)respecting any other matter or thing the Governor in Council considers advisable or necessary to carry out effectively the intent and purpose of this Act.
(2)A regulation may apply to all persons or bodies or to a class of persons or bodies to whom this Act applies and there may be different regulations for different classes of such persons or bodies.
(3)The exercise by the Governor in Council of the authority contained in this Section is regulations within the meaning of the Regulations Act. 2006, c. 3, s. 15.
Transitional disclosure rules respecting contracts
- (i)a contract entered into by a public authority for the provision of services by a service provider, or
(ii)a contract or other arrangement entered into by a public authority under which personal information is disclosed pursuant to Section 10;
(b)"contract commitment date" means
- (i) in the case of a contract that a public authority is legally obliged to enter into as a result of a completed binding competitive process, the date on which the process was completed, or
(ii)in any other case, the date on which the contract was entered into by the public authority;
(c)"new disclosure rules" means this Act, except Section 7;
(d)"previous disclosure rules" means Sections 24 to 30 of the Freedom of Information and Protection of Privacy Act or, in the case of a municipality, Sections 483 to 485 of the Municipal Government Act;
- (i) the Government of the Province, or
(2)The new disclosure rules apply in relation to all contracts for which the contract commitment date is later than thirty days after the coming into force of this Act.
(3)Subject to subsection (4), in relation to a contract for which the contract commitment date is on or earlier than the applicable date under subsection (2),
(a)the previous disclosure rules are deemed to continue in force and apply to the contract, until the end of the term of the contract as it was on that contract commitment date; and
(b)the new disclosure rules apply to the contract after that time.
(4) In relation to the services provided under a contract to which subsection (3) applies, the public authority shall use all reasonable efforts to come into compliance with the new disclosure rules as soon as reasonably possible.
(5)For greater certainty, the application of Section 7 is not affected by this Section. 2006, c. 3, s. 16.
Proclamation and effect on municipalities
17(1)This Act comes into force on such day as the Governor in Council orders and declares by proclamation.
Proclaimed-November 10, 2006
In force-November 15, 2006
(2)Notwithstanding subsection (1), this Act has no effect with respect to municipalities until one year after this Act comes into force. 2006, c. 3, s. 17.
This page and its contents published by the Office of the Legislative Counsel, Nova Scotia House of Assembly, and © 2011 Crown in right of Nova Scotia. Created September 27, 2011. Send comments to legc.office@gov.ns.ca.
