January 5, 2016
Authored by: Chris Rylands and Denise Erwin
Late last year, while you were probably busy picking out which bubbly to pop at the stroke of midnight, the IRS gave us another reason to celebrate. You may remember (as we wrote previously) the IRS said it would not require identity theft victims to include the value of identity theft restoration and protection services in their income. But what about for employers or others who provide ID theft in advance of a breach?
Well, after receiving a total of only four comments, the IRS decided to broaden the nontaxability of ID theft protection services. In providing this relief, the IRS cited comments indicating that organizations are increasingly providing ID protection services before a data breach occurs as a strategy to help with early detection of a breach and to minimize the impact on operations.
Specifically, the IRS said, in Announcement 2016-02 that it will not require individuals to include in their taxable income the value of ID protection services provided by their employers (or other organization to whom they provide personal information) before a data breach occurs. It will also not assert violations if employers or other companies fail to report the amounts on Forms W-2 or Form 1099-MISC, for example. This relief still does not apply to cash in lieu of these services or proceeds received under an ID theft policy.
Interestingly, the IRS is not saying that ID theft protection services are nontaxable. They are simply saying that they will not assert violations of the tax code for failure to include their value in taxable income or report it. For most purposes, this distinction does not mean much. However, this new guidance does not mean, for example, that employers who ask employees to pay for a portion of the ID theft services can have employees pay on a pre-tax basis through a cafeteria plan because ID theft is not a permitted benefit under a Section 125 cafeteria plan.