M. Scott Koller

He | Him | His

Partner

Los Angeles
T +1.310.979.8427
F +1.310.820.8859

Overview

Scott Koller is a skilled privacy and data security attorney whose practice focuses on data breach response and security compliance issues. Clients in a broad range of industries turn to Scott for his experience and practical solutions on managing risks associated with data and information technology, including incident response preparedness, developing information security programs, cybersecurity training and helping to guide organizations through data security incidents.

Incident Response

Scott has counseled hundreds of clients in investigating and responding to an event compromising information and systems security, working closely with client resources, third-party forensic consulting experts and law enforcement to identify the nature and scope of a compromise. Scott relies on his knowledge of state, federal and international laws, as well as industry-specific guidelines and standards, to assist organizations in identifying and complying with legal obligations to disclose the incident to certain audiences and provide certain services to impacted populations.

Scott has represented numerous organizations, including healthcare providers, financial institutions, hospitality providers, retailers and other professional services providers in inquiries by regulators, including state attorneys general, state insurance departments, state health departments, the Federal Trade Commission, Securities and Exchange Commission, Department of Health and Human Services and the Office for Civil Rights.

Privacy & Digital Risk Advisory

Scott also partners with incident response teams, executives and boards to conduct interactive workshops and tabletop exercises to educate and coach organizations on best practices for handling incidents and improving existing incident response plans and procedures.

Leveraging his strong background in information technology, Scott works closely with both legal and information technology departments to measure and enhance the organization's security posture, including working with internal and external teams to conduct risk assessments and penetration tests, prioritize security projects and mitigation controls, and continuously measure the organization's privacy and security posture. He also advises clients on a wide range of privacy and data security issues, including under the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA/CPRA), Family Educational Rights and Privacy Act (FERPA), PCI-DSS, the FTC Act, state data protection laws, international data privacy laws and self-regulatory rules.

Experience

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing. 
  • Develops and implements policies, including website and app privacy and terms of use, BYOD, social media, incident response and information security plans.  
  • Conducted a data breach notification assessment, including managing the forensic investigation and notification process for a large cloud hosting provider in connection with a sophisticated cybersecurity attack.
  • Advised a leading social networking site in connection with the use and disclosure of personal information to third-party service providers.
  • Developed and executed a security incident response program for a global telecommunications company.
  • Served as the primary HIPAA privacy counsel to various clients, including e-health, telemedicine and network security providers.
  • Prepared comprehensive HIPAA privacy and security policies and procedures, business associate agreements, privacy notices and training materials for numerous HIPAA-covered entities.
  • Represented a healthcare provider in connection with an investigation by the Office for Civil Rights for HIPAA violations.
  • Represented a nonprofit in connection with an investigation and audit by the California Department of Public Health for alleged violations of privacy laws.

Recognitions and Memberships

Recognitions

  • Daily Journal Top Cyber Lawyers (2019)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Computer Forensic Examiner (IACRB)
  • Certified Information and Privacy Professional (CIPP/US/CIPM)
  • Microsoft Certified Professional
  • CompTIA A+ Certified IT Technician
  • CompTIA Security+
  • CompTIA i-Net Certified Technician

Memberships

  • The State Bar of California
  • The Los Angeles County Bar Association: Founding Member of the Privacy/Cyber Section
  • International Association of Privacy Professionals (IAPP)
  • International Information System Security Certification Consortium
  • American Bar Association: Science & Technology Law Section

Prior Positions

  • Legal Extern for the Honorable R. Gary Klausner 
  • Legal Extern for the Honorable Nancy J. Katz (Ret.)

Admissions

  • California

Education

  • J.D., Northwestern University School of Law
  • B.A., Economics, Chapman University
  • B.S., Business Administration, Chapman University

Blog

In The Blogs

Data Counsel
Impact of the Ukraine/Russia Conflict on Cybersecurity in the United States
By M. Scott Koller, Mark H. Krietzman
March 16, 2022
On Feb. 24, 2022, Russia launched a large-scale military incursion into Ukraine. By all accounts, the Russian offensive attacked on multiple fronts, including against Ukraine’s network computers and communication systems. The cyberattacks...