The government's information commissioner has published guidance to help organisations determine the data they need to release when faced with a "subject access request" under the Data Protection Act.

The guidance contained in the document The Durant Case and its Impact on the Interpretation of the Data Protection Act 1998 focuses on two issues - what makes data "personal" under the act, and what is meant by a "relevant filing system".

The commissioner, Richard Thomas, advises organisations that "mere reference to a person's name where the name is not associated with any other personal information" would not be personal data. This takes some pressure off firms concerned about receiving numerous subject access requests and not being able to supply the information quickly, because it reduces the amount of data they need to produce.

According to the guidelines, firms' paper records should be quick and easy to find if they could be asked for under a subject access request.

Liz Fitzsimons, senior associate at law firm Eversheds, said companies should revise their filing systems in light of this advice. "People should develop their filing systems so that they reduce the risk of dealing with paper records when they get a subject access request," she said.

Though complying with requests for emails and other electronically archived material could still be "onerous", Fitzsimons said that it was likely that the information commissioner would soon release additional guidance clarifying this issue. "He is being very helpful in applying the act in a common sense manner," she added.

The guidance, which was released in response to a court ruling in favour of the Financial Services Authority (FSA), will help organisations that have been confused about their obligations.

The case of Durant v FSA concerned an individual's attempts to gain access to records about him held by the FSA. Durant made two subject access requests under the Data Protection Act. The FSA refused access to manual files arguing that the information sought was neither "personal" nor part of a "relevant filing system".

The court agreed, explaining that the mere fact that a document is retrievable by reference to a person's name does not entitle that person to a copy of it under the act.

The Durant v FSA decision represented a "fundamental change" in data protection compliance, according to Fitzsimons. "This decision narrows down [firms'] obligations," she commented.

Further advice is available on the commissioner's web site at the first URL below.