M. Scott Koller

Partner

Los Angeles
T +1.310.979.8427
F +1.310.820.8859

Overview

Scott Koller is a skilled privacy and data security attorney whose practice focuses on data breach response and security compliance issues. He has extensive experience counseling clients on privacy and data protection issues, including data breach response, cybersecurity risk management, incident response planning and preparedness, vendor management, and regulatory investigations.

Scott has guided hundreds of clients through incident response and data breach investigations involving malware, network intrusion, inadvertent disclosure and ransomware. Additionally, Scott has aided clients through regulatory investigations from the Office for Civil Rights (OCR), Financial Industry Regulatory Authority, Securities and Exchange Commission, the Federal Trade Commission (FTC), and various state Attorneys General.

Leveraging his strong background in information technology, Scott advises clients in a wide range of industries, including e-commerce, consumer products, hotels and hospitality, technology, professional services, financial institutions, and healthcare entities. Notably, he regularly counsels clients regarding compliance with various data privacy and security requirements, including state data breach notification laws, HIPAA & HITECH, California Consumer Privacy Act (CCPA) and the PCI DSS.

Select Experience

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing. 
More »

Experience

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing. 
  • Develops and implements policies, including website and app privacy and terms of use, BYOD, social media, incident response, and information security plans.  
  • Conducted a data breach notification assessment, including managing the forensic investigation and notification process for a large cloud hosting provider in connection with a sophisticated cybersecurity attack.
  • Advised a leading social networking site in connection with the use and disclosure of personal information to third-party service providers.
  • Developed and executed a security incident response program for a global telecommunications company.
  • Served as the primary HIPAA privacy counsel to various clients, including e-health, telemedicine and network security providers.
  • Represented corporate clients in privacy and consumer protection litigation and government investigations (including the defense of TCPA claims and a suit over the disclosure of health information).
  • Prepared comprehensive HIPAA privacy and security policies and procedures, business associate agreements, privacy notices and training materials for numerous HIPAA-covered entities.
  • Represented a large healthcare provider in multimillion-dollar coordinated actions for breach of contract, breach of implied contract and unfair competition (California Business and Professions Code § 17200) claims involving emergency healthcare services.
  • Helped obtain a $3.93 million damage award for a pharmaceutical company in a dispute over intellectual property and licensing rights.
  • Represented a rehabilitation clinic in connection with a government investigation surrounding the loss of personal health information contained on several stolen laptops.
  • Successfully secured a defense verdict for a telecommunications company against a $2 million successor liability claim brought by a Hong Kong bank.
  • Represented a toy manufacturing company in the highly publicized theft of trade secrets and copyright action against a manufacturer of toys and entertainment products over a toy doll line.
  • Counsel for a hospital chain in connection with a government investigation by the Department of Justice surrounding its business practices.
  • Represented a healthcare provider in connection with an investigation by the Office of Civil Rights for HIPAA violations.
  • Represented a nonprofit in connection with an investigation and audit by the California Department of Public Health for alleged violations of privacy laws.

Recognitions and Memberships

Recognitions

  • Daily Journal Top Cyber Lawyers (2019)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Computer Forensic Examiner (IACRB)
  • Certified Information and Privacy Professional (CIPP/US/CIPM)
  • Certified HIPAA Privacy Associate (HIPAATraining.net)
  • Microsoft Certified Professional
  • CompTIA A+ Certified IT Technician
  • CompTIA Security+
  • CompTIA i-Net Certified Technician
  • Novell Certified Internet Business Strategist

Memberships

  • International Association of Privacy Professionals (IAPP)
  • American Bar Association: Science & Technology Law Section

Blog Posts

Prior Positions

  • Technology Venture Alliance: Director of Pre-Funding Operations
  • Legal Extern for the Honorable R. Gary Klausner 

Admissions

  • California

Education

  • J.D., Northwestern University School of Law
  • B.A., Economics, Chapman University
  • B.S., Business Administration, Chapman University

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Deeper Dive: Minimizing Risk
By Brian P. Bartish, Patrick H. Haggerty, M. Scott Koller
April 3, 2018
For organizations of any size, making sense of the constantly evolving cyber risk landscape can seem daunting. With new threats materializing on a constant basis, it can be difficult for organizations to efficiently allocate resources and...
Read More ->