IRS Expands Tax Relief for Identity Protection

OVERVIEW
Due to growing concerns about data breaches and identity theft, some employers have started offering identity protection services to their employees as a fringe benefit. The Internal Revenue Service (IRS) has issued two pieces of guidance that address the taxability of this benefit.
Announcement 2015-22 provides that the value of identity protection services provided by employers to employees in connection with a data breach is NOT taxable to the employees.
Announcement 2016-02 significantly expands the favorable tax treatment for employer-provided identity protection services. Under this recent guidance, the value of identity protection services provided before a breach happens is also nontaxable.

ACTION STEPS
Due to the expanded tax relief, employers can provide tax-free identity protection services to their employees before a breach occurs. Employers might provide services such as credit reporting and monitoring services, identity theft insurance policies, or identity restoration services to employees. However, since the IRS’ guidance only applies to federal tax rules, employers will want to evaluate any state or local tax consequences of providing identity protection services.

Also, if employers require employees to contribute to the cost of identity protection services, the contributions must be deducted on an after-tax basis. Because identity theft services are not a qualified benefit under Internal Revenue Code Section 125, employees cannot purchase the services on a pre-tax basis.

Identity Protection Services
Identity theft (also known as identity fraud) occurs when a person wrongfully obtains and uses another individual’s personal information—for example, his or her name, Social Security number, or banking or credit card numbers—in a way that involves fraud or deception. Identity theft is a growing problem in the United States. It has been the number one consumer complaint to the Federal Trade Commission (FTC) for the past fifteen years. In addition, recent high-profile breaches at various organizations have exposed millions of individuals to the risk of identity theft.

In response to these data breaches, organizations often provide credit reporting and monitoring services, identity theft insurance policies, identity restoration services or similar services—commonly known as “identity protection services”—to customers, employees or other individuals whose personal information may have been compromised in a data breach. But now, as a growing trend, organizations are providing identity protection services to employees or other individuals before a data breach occurs in order to allow earlier detection of data breaches and to minimize their impact.

Tax Relief
The IRS has issued guidance on the taxability of the identity protection services provided by employers at no cost to employees.

• In August 2015, the IRS released Announcement 2015-22 to clarify that the value of credit monitoring and other identity protection services provided by employers to employees in connection with a data breach is NOT taxable to the employees. In order to receive this favorable tax treatment, the employees’ personal information must have been compromised in a data breach of the employer’s (or of the employer’s agent or service provider’s) recordkeeping system.

• In December 2015, the IRS released Announcement 2016-02 to significantly expand the favorable tax treatment for employer-provided identity protection services. Under this new guidance, the value of identity protection services provided by employers to employees before a breach happens is also nontaxable. However, employers and employees will still have to consider any potential state and local tax implications.
Announcement 2016-02 provides that:

  • Individuals who receive identity protection services from their employer (or from another organization that the individuals provided personal information to) do not need to include the value of these services in their gross income;
  • An employer providing identity protection services to its employees is not required to include the value of these services in the employees’ gross income and wages; and
  • The value of identity protection services does not need to be reported on information returns such as Forms W-2 or 1099-MISC.

However, this tax relief does not apply to cash that an individual may receive in lieu of identity protection services, or to proceeds received under an identity theft insurance policy.

HIGHLIGHTS
• According to the IRS, employers can provide credit monitoring and other identity protection services to employees tax-free, even before a breach happens.
• Employer-provided identity protection services will not increase employers’ federal payroll taxes and will not result in additional federal taxes for employees.

IMPORTANT DATES
August 2015
The IRS announced tax relief for identity protection services provided in connection with a data breach.
December 2015
The IRS expanded this tax relief to apply when employers provide services before a breach occurs.

For More contact Sue Justice: sue@emerybenefitsolutions.com. www.emerybenefitsolutions.com

This Compliance Bulletin is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.
© 2016 Zywave, Inc. All rights reserved. KP 2/16

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s