Data Protection Act 1998 s.1 provides that:

"'relevant filing system' means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible."

For general practical purposes manually recorded data can therefore be thought of as being mainly paper records and files, but the definition is wide enough to also include letters, roladex index cards, microfiches, faxes and general notes. The definition is important because through it manually recorded data come within the coverage of the Data Protection Act 1998 (see the definition of data in Data Protection Act 1998 s.1.

Manually recorded data was not covered by the Data Protection Act until 24th October 2001 (when the "first transitional period" ended, as provided by DPA 1998 sch 8) - see notes at Data protection/Data Protection Act 1998 commencement .

During a "second transitional period" personal data which is recorded manually and was "subject to processing which was already under way immediately before 24th October 1998" is mainly exempt. This exemption ends at midnight on 23rd October 2007.

The Court of Appeal considered the proper meaning of "relevant filing system" in an important case in 2003. The Court of Appeal held that manual records are covered by the Data Protection Act 1998 "only if they are of sufficient sophistication to provide the same or similar ready accessibility as a computerised filing system" ( Durant v Financial Services Authority CA 2003 on 8th December 2003). In autumn 2004, the Information Commissioner issued revised formal guidance on the meaning of "relevant filing system" in the light of the Durant case, issued Oct 2004.

The Durant case was later applied by the High Court which upheld the Medical Defence Union refusal to give access to "personal data" to a doctor in connection with his application for renewal of union membership (Johnson v Medical Defence Union Ltd [2004] EWHC 347 and Johnson v Medical Defence Union Ltd [2004] EWHC 2509).

The Information Commissioner's Office Technical Guidance Notes webpages are an essential source of practical information on all aspects of data protection.

See also notes at Data Protection generally and especially notes at Definitions and interpretation/processing and/or Data protection/personal data .