Scott Koller is a privacy and data security attorney specializing in data breach response and security compliance. He assists clients across various industries in managing data-related risks, including incident response preparedness, cybersecurity training, and legal compliance. Scott has extensive experience guiding organizations through security incident investigations, working with law enforcement, and advising on regulatory inquiries.

Scott is a skilled privacy and data security attorney whose practice focuses on data breach response and security compliance. Clients across various industries rely on Scott for his experience and practical solutions in managing the risks associated with data collection and information technology.

Incident Response
Scott has unparalleled experience, having counseled thousands of clients in investigating and responding to security incidents and data breaches. Scott has represented clients across virtually every industry sector and is frequently sought out to defend clients in connection with regulatory inquiries, including those from state attorneys general, state insurance departments, state health departments, the Federal Trade Commission, the Securities and Exchange Commission, and the Department of Health and Human Services Office for Civil Rights.

Privacy & Digital Risk Advisory

Scott also partners with incident response teams, executives, and boards to conduct interactive workshops and tabletop exercises to educate and coach organizations on best practices for handling incidents and improving existing incident response plans and procedures.

Leveraging his strong background in information technology, Scott works closely with both legal and information technology departments to measure and enhance the organization’s security posture, including working with internal and external teams to conduct risk assessments and penetration tests, prioritize security projects and mitigation controls, and continuously measure the organization’s privacy and security posture.

He also advises clients on a wide range of privacy and data security issues, including under the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA/CPRA), Family Educational Rights and Privacy Act (FERPA), PCI-DSS, the FTC Act, state data protection laws and international data privacy laws.

Education

J.D., Northwestern University Pritzker School of Law, Chicago, Illinois
B.A., Chapman University, Economics
B.S., Chapman University

Recognitions

  • Daily Journal Top Cyber Lawyers (2019)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Computer Forensic Examiner (IACRB)
  • Certified Information and Privacy Professional (CIPP/US/CIPM)
  • Microsoft Certified Professional
  • CompTIA A+ Certified IT Technician
  • CompTIA Security+
  • CompTIA i-Net Certified Technician

Memberships

  • The State Bar of California
  • The Los Angeles County Bar Association: Founding Member of the Privacy/Cyber Section
  • International Association of Privacy Professionals (IAPP)
  • International Information System Security Certification Consortium
  • American Bar Association: Science & Technology Law Section

State Bar Licenses

California

  • Advises clients in the financial, healthcare and retail sectors in cybersecurity and data breach incidents in the U.S. and abroad.
  • Represents clients in OCR, FINRA and state attorneys general (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides proactive privacy and security advice to emerging companies related to data collection, use, sharing and marketing.
  • Develops and implements policies, including website and app privacy and terms of use, BYOD, social media, incident response and information security plans.
  • Conducted a data breach notification assessment, including managing the forensic investigation and notification process for a large cloud hosting provider in connection with a sophisticated cybersecurity attack.
  • Advised a leading social networking site in connection with the use and disclosure of personal information to third-party service providers.
  • Developed and executed a security incident response program for a global telecommunications company.
  • Served as the primary HIPAA privacy counsel to various clients, including e-health, telemedicine and network security providers.
  • Prepared comprehensive HIPAA privacy and security policies and procedures, business associate agreements, privacy notices and training materials for numerous HIPAA-covered entities.
  • Represented a healthcare provider in connection with an investigation by the Office for Civil Rights for HIPAA violations.
  • Represented a nonprofit in connection with an investigation and audit by the California Department of Public Health for alleged violations of privacy laws.