According to an article published today, local councillors must register with the ICO if they process personal data in their constituency offices. Apparently 6,000 are already registered and another 13,000 could and should. Of course, registration with the ICO is just the start – once registered, they also have to comply with the DPA. Compliance is relatively straightforward – the problem is that most organisations, particularly smaller ones, leave compliance until after they’ve been breached and then have to deal with all the sad repercussions of negative press coverage and distressed constituents. The penalties for compliance failures are potentially very significant.