M. Scott Koller

Counsel

Los Angeles
T +1.310.979.8427
F +1.310.820.8859

Overview

Scott Koller focuses his practice on data breach response and security compliance issues. He has guided hundreds of clients through incident response and data breach investigations involving malware, network intrusion, inadvertent disclosure and ransomware. When advising clients on the technical issues associated with a data breach, Scott leverages his strong background in information technology as a Certified Information Systems Security Professional (CISSP), Certified Computer Forensic Examiner, Fellow of Information Privacy (FIP) from the International Association of Privacy Professionals. As a litigator, Scott is also well-suited to help defend his clients in connection with regulatory investigations and class action lawsuits, including those involving the Department of Health and Human Services, Financial Industry Regulatory Authority, and state regulatory agencies. 

Scott regularly serves as breach coach and privacy counsel and prepares comprehensive privacy and security policies, Business Associate Agreements (BAAs), privacy notices, training materials and incident response plans.  

Select Experience

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing. 
More »

Experience

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing. 
  • Develops and implements policies, including website and app privacy and terms of use, BYOD, social media, incident response, and information security plans.  
  • Conducted a data breach notification assessment, including managing the forensic investigation and notification process for a large cloud hosting provider in connection with a sophisticated cybersecurity attack.
  • Advised a leading social networking site in connection with the use and disclosure of personal information to third-party service providers.
  • Developed and executed a security incident response program for a global telecommunications company.
  • Served as the primary HIPAA privacy counsel to various clients, including e-health, telemedicine and network security providers.
  • Represented corporate clients in privacy and consumer protection litigation and government investigations (including the defense of TCPA claims and a suit over the disclosure of health information).
  • Prepared comprehensive HIPAA privacy and security policies and procedures, business associate agreements, privacy notices and training materials for numerous HIPAA-covered entities.
  • Represented a large healthcare provider in multimillion-dollar coordinated actions for breach of contract, breach of implied contract and unfair competition (California Business and Professions Code § 17200) claims involving emergency healthcare services.
  • Helped obtain a $3.93 million damage award for a pharmaceutical company in a dispute over intellectual property and licensing rights.
  • Represented a rehabilitation clinic in connection with a government investigation surrounding the loss of personal health information contained on several stolen laptops.
  • Successfully secured a defense verdict for a telecommunications company against a $2 million successor liability claim brought by a Hong Kong bank.
  • Represented a toy manufacturing company in the highly publicized theft of trade secrets and copyright action against a manufacturer of toys and entertainment products over a toy doll line.
  • Counsel for a hospital chain in connection with a government investigation by the Department of Justice surrounding its business practices.
  • Represented a healthcare provider in connection with an investigation by the Office of Civil Rights for HIPAA violations.
  • Represented a nonprofit in connection with an investigation and audit by the California Department of Public Health for alleged violations of privacy laws.

Recognitions and Memberships

Recognitions

  • Certified Information Systems Security Professional (CISSP)
  • Certified Computer Forensic Examiner (IACRB)
  • Certified Information and Privacy Professional (CIPP/US/CIPM)
  • Certified HIPAA Privacy Associate (HIPAATraining.net)
  • Microsoft Certified Professional
  • CompTIA A+ Certified IT Technician
  • CompTIA Security+
  • CompTIA i-Net Certified Technician
  • Novell Certified Internet Business Strategist

Memberships

  • International Association of Privacy Professionals (IAPP)
  • American Bar Association: Science & Technology Law Section

Prior Positions

  • Technology Venture Alliance: Director of Pre-Funding Operations
  • Legal Extern for the Honorable R. Gary Klausner 

Admissions

  • California

Education

  • J.D., Northwestern University School of Law
  • B.A., Economics, Chapman University
  • B.S., Business Administration, Chapman University