The Office of the Information Commissioner has announced plans to overhaul its guidance to help firms comply with data protection legislation and understand the finer points of the law. The decision follows a recent ruling by the Court of Appeal, which clarified the definition of "personal data" that firms must disclose to individuals upon request.

The case, Durant v Financial Services Authority, concerned Michael Durant's attempts to gain access to records held by the FSA. These records had been stored following an investigation by the FSA into a case Durant had been pursuing against Barclays Bank.

Durant made two subject access requests under the Data Protection Act. In response the FSA provided documents available in computerised format but refused access to manual files, claiming that the information sought was neither "personal" nor part of a "relevant filing system".

The Court of Appeal had to decide a number of issues: what makes data personal; what is meant by a relevant filing system; and under what circumstances a data controller should comply with requests for information when documentation might include information about another person.

The court ruled that Durant should not be given the documents requested as, "Mere mention of the data subject in a document held by a data controller does not necessarily amount to his personal data". The clarification was welcomed by the government's data commissioner, Richard Thomas, who is responsible for overseeing compliance with the Data Protection Act.

Following the Court of Appeal's ruling, Thomas said in a statement: "These have always been complex issues and any jurisprudence in this area is helpful. All the commissioner's responsibilities, including existing and future casework, will be carried out in accordance with this judgement".

Mike Pullen, a data protection lawyer at law firm DLA, said the court's ruling was sensible. "The court is the final arbitrator of the act, and the information commissioner must follow what it says," he added. "[But] the result might have been different if it had been a dispute between an individual and a private firm, not a regulator."

Pullen predicted that organisations would see less nuisance requests for information made by disgruntled customers or ex-employees as a result of the case.