The IRS has issued new guidelines on the taxability of the identity protection services provided by employers at no cost to employees.
Announcement 2016‐02 provides that:
Individuals/Employees who receive identity theft protection services from their employer (or from another organization that the individuals provided personal information to) do not need to include the value of these services in their gross income;
An employer providing identity protection services to its employees at no cost to the employee is not required to include the value of these services in the employees’ gross income and wages; and
The value of identity protection services does not need to be reported on information returns such as Forms W‐ 2 or 1099‐MISC.
However, this tax relief does not apply to cash that an individual may receive in lieu of identity protection services, or to proceeds received under an identity theft insurance policy.
Initially, in August 2015, the IRS released Announcement 2015‐22 to clarify that the value of credit monitoring and other identity protection services provided by employers to employees in connection with a data breach was NOT taxable to the employees. In order to receive this favorable tax treatment, the employees’ personal information must have been compromised in a data breach of the employer’s (or of the employer’s agent or service provider’s) recordkeeping system.
In December 2015, the IRS released Announcement 2016‐02 to significantly expand the favorable tax treatment for employer‐provided identity protection services. Under this new guidance, the value of identity protection services provided by employers to employees before a breach happens is also nontaxable. However, employers and employees will still have to consider any potential state and local tax implications.