The IRS today released an advance version of Announcement 2016-2 to extend the tax treatment of identity protection services as previously provided to "compromised" persons (i.e., such services not being reportable income) to identity protection services provided to employees or other individuals before a data breach occurs.
The IRS in August 2015 released Announcement 2015-22 providing that identity protection services provided at no cost to customers, employees, or other individuals whose personal information may have been compromised in a data breach were not reportable income to these “compromised” persons. Read TaxNewsFlash-United States
The IRS and Treasury Department received comments in response to Announcement 2015-22, including statements that providing identity protection services to employees and other individuals before a data breach occurs allows earlier detection of a data breach and minimizes the impact of a breach on operations. Based on these comments, the IRS and Treasury decided to extend the relief originally provided by Announcement 2015-22 to include identity protection services provided to employees or other individuals before a data breach occurs.
Announcement 2016-2 [PDF 30 KB] provides that the IRS will not assert that an individual must include in gross income the value of identity protection services provided by the individual’s employer or by another organization to which the individual provided personal information (for example, name, social security number, or banking or credit account numbers).
Additionally, the IRS will not assert that an employer providing identity protection services to its employees must include the value of the identity protection services in the employees’ gross income and wages. The IRS will not assert that these amounts must be reported on an information return (such as Form W-2 or Form 1099-MISC) filed with respect to such individuals.
Today's IRS announcement states that any further guidance on the taxability of these benefits will be applied prospectively. It also states that this relief does not apply to cash received in lieu of identity protection services or to proceeds received under an identity theft insurance policy.
© 2017 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG logo and name are trademarks of KPMG International. KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International provides no audit or other client services. Such services are provided solely by member firms in their respective geographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothing contained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or joint venturers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever. The information contained in herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. For more information, contact KPMG's Federal Tax Legislative and Regulatory Services Group at: + 1 202 533 4366, 1801 K Street NW, Washington, DC 20006.