The UK Electoral Commission does not have any system to monitor and log access of and changes to the voter database, a Freedom of Information (FOI) request has revealed.
According to the commission, local authorities manage their own electoral registers and send monthly updates to the commission.
This means there is no central point of control, said Guy Churchward, chief executive at log management company LogLogic, which submitted the FOI request.
"How the updates are sent and whether any of the local authorities have monitoring systems in place is not clear," he said.
The commission said the electoral register information is accessed only on a need-to-know basis.
These access permissions are controlled by the ICT team according to an agreed policy and procedure that requires obtaining appropriate authority.
All information assets, including the electoral rolls, are reviewed at least once a year to ensure that they are handled and used appropriately.
In addition, each time there is a change in staff, permissions to access the electoral registers are reviewed, the commission said.
While these policies and procedures are reassuring, said Churchward, there is no way of checking compliance without any automated monitoring system in place.
The commission's security measures conform to "data handling in government" guidelines, he said, but they are not tracking users electronically and therefore have no way of generating real-time security alerts.
The results of the FOI request are disappointing, said Churchward.
"The need to monitor the digital footprint of employees in order to preserve the confidentiality and integrity of data and monitor privileged user activity is extremely important, especially with regards to public sector information," he said.