IRS Says Identity Theft Protection is No Longer Taxable


By: David Cole

The Internal Revenue Service (IRS) recently announced that it will treat identity theft protection as a non-taxable, non-reportable benefit, even when offered proactively before any data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as retailers) to their customers.

The announcement comes only four months after an earlier announcement by the IRS that it would take the same approach with regard to identity theft protection offered to employees or customers in the wake of a data breach.   In the earlier announcement, the IRS requested public comments from providers of identity protection services on whether they provide such services other than as a result of a data breach, and in response received comments indicating that businesses are proactively providing identity theft protection to employees as a benefit, because many businesses view a data breach as “inevitable” rather than as a remote risk.

As a result, businesses and employers that offer identity theft protection, either as a proactive benefit to employees or as a remedial measure to affected individuals after a data breach, do not have to report the value of such services on a Form W-2 (provided to an employee) or Form 1099-MISC (provided to a customer or other non-employee).  Similarly, individuals receiving such services do not have to report their  value in their gross income.  However, proceeds received under an identity theft insurance policy will be treated under existing tax provisions applicable to insurance benefits.  In addition, tax-exempt treatment will not apply to cash provided to an employee or customer in lieu of identity protection services.