Due to growing concerns about data breaches and identity theft, some employers have started offering identity protection services to their employees as a fringe benefit. The Internal Revenue Service (IRS) has issued two pieces of guidance that address the taxability of this benefit. In August 2015, the IRS released Announcement 2015-22 to clarify that the value of credit monitoring and other identity protection services provided by employers to employees is not taxable to the employees when connected to a data breach. In order to receive this favorable tax treatment, employees’ personal information must have been compromised in a data breach of an employer’s (or of the employer’s agent or service provider’s) recordkeeping system.
In December 2015, the IRS released Announcement 2016-02 to significantly expand the favorable tax treatment for employer-provided identity protection services. Under this new guidance, the value of identity protection services provided by employers to employees before a breach happens is also nontaxable. However, employers and employees will still have to consider any potential state and local tax implications. Due to the expanded tax relief, employers can provide tax-free identity protection services to their employees before a breach occurs. Services can include credit reporting and monitoring, identity theft insurance policies, or identity restoration. However, since the IRS guidance only applies to federal tax rules, employers will want to evaluate any state or local tax consequences of providing identity protection services. Also, if employers require employees to contribute to the cost of identity protection services, the contributions must be deducted on an after-tax basis. Because identity theft services are not a qualified benefit under Internal Revenue Code Section 125, employees cannot purchase the services on a pre-tax basis.