IRS OKs Excluding ID Protection Benefits from Taxable Income

More employers likely to provide data-breach monitoring and related services to employees

By Stephen Miller, CEBS Jan 5, 2016

Employers can now provide an additional workplace benefit using pretax dollars.

The IRS on Dec. 30, 2015, released Announcement 2016-02, Federal Tax Treatment of Identity Protection Services, which allows preferential tax treatment for employer-provided identity theft benefits regardless of whether the employer has experienced a data breach.

In August 2015, the IRS had released Announcement 2015-22, Federal Tax Treatment of Identity Protection Services Provided to Data Breach Victims, which dealt specifically with employees and others whose personal information may have been compromised in a data breach. This announcement allowed those affected by a breach to exclude from their taxable gross income the value of identity protection services provided to them by the breached organization.

Announcement 2016-02 now extends the prior guidance to include identity protection services provided to employees despite the absence of a data breach, allowing the value of employer-provided ID protection benefits to be excluded from an employee’s gross income and wages. Likewise, the value of these services does not need to be reported on an employee’s Form W-2 or on a Form 1099-MISC.

The preferential tax treatment does not apply to cash provided to employees in lieu of identity protection services, or to proceeds received under an identity theft insurance policy.

Boost for ID Protection Benefits

“This is welcomed news for employers looking for ways to help their employees avoid being affected by a data breach and [mitigate] the effects should employees become victims of a breach,” said Joseph J. Lazzarotti, an attorney shareholder in the Morristown, N.J., office of Jackson Lewis. “The employer can provide the services without increasing its federal payroll taxes, and employees can receive the services without incurring any additional federal tax liability.” Employers and employees will still have to consider any potential state and local tax implications, Lazzarotti noted.

“As a result of this action, and because of how prevalent data breaches have become, it is likely that more employers will be looking to provide data-breach monitoring and related services to their employees,” Lazzarotti pointed out. “While these services would not constitute benefits covered under the Employee Retirement Income Security Act, as with other employee benefits, employers will want to carefully select the vendors that will provide the services, and take other steps to incorporate this into their overall benefit offerings.”

Stephen Miller, CEBS, is an online editor/manager for SHRM. Follow me on Twitter.

SHRM CONNECT

Join SHRM's exclusive peer-to-peer social network

Join Today

Job Finder

Find an HR Job Near You

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect