Growing concerns around security and privacy of information in the digital world will drive legislative and regulatory actions globally, but poorly conceived regulations could also lead to creation of new vulnerabilities, warns cybersecurity solutions provider Symantec.

According to Symantec's cybersecurity predictions for 2019, while "upticks in legislative and regulatory actions" are likely to be seen as addressing security and privacy needs, "there is a potential for some requirements to prove more counterproductive than helpful".

Speaking to PTI, Symantec Managing Director (India and SAARC) Gaurav Agarwal said there are certain aspects that need to be taken care of when these regulations are framed and implemented.

"For example, an administrative/regulatory body asks a business/ individual for some information to investigate. There needs to be clarity around how the data is collected, handled and processed, and then discarded after use, so that there isn't any misuse by someone else," he explained.

Symantec's report pointed out that the European Union's implementation of the General Data Protection Regulation (GDPR) earlier this year will likely prove to be a precursor to various security and privacy initiatives in other regions.

Countries like Canada and Brazil have already passed rules around the subject, while India is considering its own data protection norms, the report added.

"If poorly conceived, security and privacy regulations could create new vulnerabilities even as they close others," the report cautioned.

Agarwal said an important step in the process would be to make people aware of the changes being brought in and the likely impact these rules it would have on their lives.

"The banking system has done a commendable job in making people aware that they shouldn't be sharing the OTP for transactions... When new regulations are being put in place, scamsters could use fear to trick consumers into sharing private information, and this can be countered only by educating the public," he added.