On August 13, 2015, the IRS issued Announcement 2015-22, addressing the tax treatment of identity protection services for data breach victims. The Announcement states that when victims receive free identity protection services from an organization that suffered a data breach, the IRS will not assert the value of the identity protection services is includible in the victim’s gross income. Additionally, the IRS stated that an employer providing identity protection services to employees who may have been affected by a data breach of the employer’s (or employer’s agent or service providers) records need not include the value of those services in the employee’s gross income and wages. The value of the services is not reportable on an information return such as a W-2 Form or 1099-MISC Form.
An IRS announcement is a public statement that provides immediate or short-term guidance that would otherwise be covered by a regulation, Revenue Ruling or Revenue Procedure. The IRS issues announcements to provide guidance for completing tax forms, directions for compliance with regulations or procedures, or on matters of general interest.
Announcement 2015-22 applies to identity protection services such as credit reporting and monitoring services, identity theft insurance policies, identity restoration services, and other similar services, but only when provided in connection with a data breach that occurs as a result of hacking or otherwise. The tax relief described in the Announcement does not apply when an employer provides these services to its employees as part of its regular compensation and benefits package. Nor does it apply to cash received in lieu of identity protection services or to proceeds received under an identity theft insurance policy. The tax treatment of insurance recoveries is determined under existing tax laws.
The Announcement concludes with a request for comments on whether organizations commonly provide identity protection services in situations other than as a result of a data breach and whether additional guidance would be helpful in clarifying the tax treatment of the services provided in those situations. The deadline for providing comments to the IRS is October 13, 2015.
Data breaches increasingly affect educational institutions. In September 2015, for example, breaches of student data were reported at the California State University, the South Dakota School of Mines, a high school in New Jersey, and a high school in Kentucky, to name a few. In the Kentucky case, a nutrition services worker at the school “ended up at a website that wasn't the site she intended to be on,” using a computer that contained data such as student names, addresses, social security numbers, and dates of birth. The worker’s visit to the unauthorized website resulted in the data being accessed by a cyber-intruder. Also in September, the Charlotte-Mecklenburg Schools system notified more than 7,000 people who applied for jobs that their personal information had been shared with an outside contractor without the applicants’ authorization.
It’s critically important to have a response plan in place before such breaches occur. The plan should include identifying and appropriately notifying individuals whose data is affected by the breach. If identity protection services are offered, the IRS’s Announcement relieves the affected individuals of one potential concern: they need not report the value of the services as income.
- Partner
Peter Schaffert is a distinguished legal professional with a wealth of experience representing public sector employers in all facets of labor and employment law. Mr. Schaffert has proven expertise in navigating complex legal ...
Other AALRR Blogs
Recent Posts
- Are You Ready for AB 2534? Our AB 2534 Toolkit Is Here to Help
- Don't Start from Scratch: Our AI Policy Toolkit Has Your District Covered
- Slurs and Epithets in the College Classroom: Are they protected speech?
- AALRR’s 2024 Title IX Virtual Academy
- Unmasking Deepfakes: Legal Insights for School Districts
- How to Address Employees’ Use of Social Media
- How far is too far? Searching Students’ Homes and Remote Test Proctoring
- Making Cybersecurity a Priority
- U.S. Department of Education Issues Proposed Amendments to Title IX Regulations
- Inadvertent Disability Discrimination May Lurk in Hiring Software, Artificial Intelligence and Algorithms
Popular Categories
- (55)
- (12)
- (81)
- (96)
- (43)
- (53)
- (22)
- (40)
- (11)
- (22)
- (6)
- (4)
- (3)
- (2)
- (3)
- (2)
- (4)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
Contributors
- Steven J. Andelson
- Ernest L. Bell
- Matthew T. Besmer
- William M. Betley
- Mark R. Bresee
- W. Bryce Chastain
- J. Kayleigh Chevrier
- Andreas C. Chialtas
- Georgelle C. Cuevas
- Scott D. Danforth
- Alexandria M. Davidson
- Michael J. Davis
- Mary Beth de Goede
- Anthony P. De Marco
- Peter E. Denno
- William A. Diedrich
- A. Christopher Duran
- Amy W. Estrada
- Jennifer R. Fain
- Eve P. Fichtner
- Paul S. Fleck
- Mellissa E. Gallegos
- Stephanie L. Garrett
- Karen E. Gilyard
- Todd A. Goluba
- Jacqueline D. Hang
- Davina F. Harden
- Suparna Jain
- Jonathan Judge
- Warren S. Kinsler
- Nate J. Kowalski
- Tien P. Le
- Alex A. Lozada
- Kimberly C. Ludwin
- Bryan G. Martin
- Paul Z. McGlocklin
- Stephen M. McLoughlin
- Anna J. Miller
- Jacquelyn Takeda Morenz
- Kristin M. Myers
- Katrina J. Nepacena
- Adam J. Newman
- Anthony P. Niccoli
- Aaron V. O'Donnell
- Sharon J. Ormond
- Gabrielle E. Ortiz
- Beverly A. Ozowara
- Chesley D. Quaide
- Rebeca Quintana
- Elizabeth J. Rho-Ng
- Todd M. Robbins
- Irma Rodríguez Moisa
- Brooke Romero
- Alyssa Ruiz de Esparza
- Lauren Ruvalcaba
- Scott J. Sachs
- Gabriel A. Sandoval
- Peter A. Schaffert
- Constance J. Schwindt
- Justin R. Shinnefield
- Amber M. Solano
- David A. Soldani
- Dustin Stroeve
- Constance M. Taylor
- Mark W. Thompson
- Emaleigh Valdez
- Jonathan S. Vick
- Jabari A. Willis
- Sara C. Young
- Elizabeth Zamora-Mejia
Archives
2024
2022
2021
2020
2019
2018
- December 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- January 2018
2017
- November 2017
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
2015
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
2014
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
2013
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
2012
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012