Scott Koller is a skilled privacy and data security attorney whose practice focuses on data breach response and security compliance issues. Clients in a broad range of industries turn to Scott for his experience and practical solutions on managing risks associated with data and information technology, including incident response preparedness, developing information security programs, cybersecurity training and helping to guide organizations through data security incidents.
Incident Response
Scott has counseled hundreds of clients in investigating and responding to an event compromising information and systems security, working closely with client resources, third-party forensic consulting experts and law enforcement to identify the nature and scope of a compromise. Scott relies on his knowledge of state, federal and international laws, as well as industry-specific guidelines and standards, to assist organizations in identifying and complying with legal obligations to disclose the incident to certain audiences and provide certain services to impacted populations.
Scott has represented numerous organizations, including healthcare providers, financial institutions, hospitality providers, retailers and other professional services providers in inquiries by regulators, including state attorneys general, state insurance departments, state health departments, the Federal Trade Commission, Securities and Exchange Commission, Department of Health and Human Services and the Office for Civil Rights.
Privacy & Digital Risk Advisory
Scott also partners with incident response teams, executives and boards to conduct interactive workshops and tabletop exercises to educate and coach organizations on best practices for handling incidents and improving existing incident response plans and procedures.
Leveraging his strong background in information technology, Scott works closely with both legal and information technology departments to measure and enhance the organization's security posture, including working with internal and external teams to conduct risk assessments and penetration tests, prioritize security projects and mitigation controls, and continuously measure the organization's privacy and security posture. He also advises clients on a wide range of privacy and data security issues, including under the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA/CPRA), Family Educational Rights and Privacy Act (FERPA), PCI-DSS, the FTC Act, state data protection laws, international data privacy laws and self-regulatory rules.