Scarborough Council members and staff, along with all other local authorities, must complete mandatory training as part of the new General Data Protection Regulation (GDPR), which will come into effect on May 25 this year.
However, it was revealed today that one of the council's 50 councillors was "refusing" to take part in the training.
The councillor, who was not named, could face sanctions including being denied access to council reports and, in a worst-case scenario, the council as a whole could face punishment.
Cllr John Nock, the council's Portfolio Holder for Legal and Governance, told today's cabinet meeting: "There appears to be some doubt that all members have [completed the training].
"I know that one member has refused [to take part]."
He added: "We are looking at alternative sanctions or actions that can be taken if that refusal still stands."
The council's legal advisor, David Kitson, said that while it was unlikely the council as a whole would be punished it was a possibility.
He said: "It is essential that all members complete the training. If a member doesn't complete the training while it doesn't absolutely follow that the council is not compliant but there is a significant risk that the individual is not processing personal data in accordance with the legislation.
"We can take certain measures we can take to mitigate that risk, including restricting access to data and iPads, however, it is hoped we do not have to take those measures."
The GDPR is supposed to tighten how personal information is handled and stored.
Councillors are required to complete the training as they can handle sensitive information and personal details passed on by their constituents and also from council reports.