Firms can plead chaos to avoid revealing personal information held on old paper files, the Information Commissioner's Office (ICO) confirmed today.

But it denied a claim by storage specialist OnStor that companies have until midnight on October 23 to ensure old paper records are "digitized and stored securely" to comply with the 1998 Data Protection Act.

OnStor suggested in a press release that companies should consider investing in a " secure storage solution" to ensure compliance. It went on: "Rather than reacting to each regulation that comes into force, organisations should look at improving overall business efficiency and how they manage their data and information."

But an ICO spokeswoman said the deadline simply ends a ten-year grace period for non-digital "structured filing systems" dating from before the Act. Paper records don't have to be digitised but they do become subject to the same laws as digital systems.

This means any personal information held on the files must be revealed to the person concerned within 40 days of a request, and it must also be correct and up to date.

The spokeswoman said "structured filing systems" meant information stored in the likes of filing cabinets and card indexes. But it does not cover paper strewn haphazardly around desks and cupboards.

She agreed that companies operating that chaotically could avoid compliance with the Act. But she added: "I don't think any company working like that would have lasted ten years."