In the wake of several recent high-profile security breaches, employers are increasingly viewing identity theft protection as an essential employee benefit for employees. According to Willis Towers Watson’s 2016 voluntary benefits and services (VBS) survey, identity theft protection, offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018. Recognizing the changing needs of the workforce, employer-provided identity theft protection typically includes some form of coverage for financial losses (which can include lost wages) as well as case management services for victims of identity theft.
Given its record growth in importance, a reminder of the tax treatment of employer-provided identity protection services is well timed. Previously, only employees in the aftermath of a data breach could treat identity theft monitoring as a nontaxable event. However, in early 2016, the Internal Revenue Service (IRS) announced it would treat identity theft protection as a nontaxable, non-reportable benefit for any employee, regardless of whether they experienced a data breach. According to Announcement 2016-02, individual taxpayers need not include the value of such benefits in their taxable income, and employers are not required to report their value on information returns, such as Form W-2 or Form 1099-MISC. Identity theft protection for this purpose includes credit report and monitoring services, identity theft insurance policies, identity restoration services, and other similar services. This relief does not apply to cash received in lieu of identity protection services or to proceeds received under an identity theft insurance policy.