Announcement 2015-22 Identity theft, also known as identity fraud,
occurs when a person wrongfully obtains and uses another person’s personal
information (for example, name, social security number, or banking or credit
account numbers) in a way that involves fraud or deception, typically for
economic gain.
Identity theft is a growing problem in the United States. Identity theft
has been the number one consumer complaint to the Federal Trade Commission for
fifteen consecutive years. The Bureau of Justice Statistics estimates that 16.6
million people were victims of identity theft in 2012, the latest year for
which data is available. In addition, recent high-profile data breaches at
various organizations have exposed many more millions of persons to the risk of
identity theft.
Businesses, government agencies, and other organizations make
significant efforts to secure the personal information of their customers and
employees. Notwithstanding these efforts, a data breach of an organization’s
recordkeeping systems, whether due to computer “hacking” or otherwise, can
expose this information to identity thieves. In response to such data breaches,
organizations often provide credit reporting and monitoring services, identity
theft insurance policies, identity restoration services, or other similar
services (collectively “identity protection services”) to the customers, 2
employees, or other individuals whose personal information may have been
compromised as a result of the data breach. These identity protection services
are intended to prevent and mitigate losses due to identity theft resulting
from the data breach.
Questions have been raised concerning the taxability of identity
protection services provided at no cost to customers, employees, or other
individuals whose personal information may have been compromised in a data
breach. Existing guidance does not specifically address these questions. The
IRS will not assert that an individual whose personal information may have been
compromised in a data breach must include in gross income the value of the
identity protection services provided by the organization that experienced the
data breach.
Additionally, the IRS will not assert that an employer providing
identity protection services to employees whose personal information may have
been compromised in a data breach of the employer’s (or employer’s agent or
service provider’s) recordkeeping system must include the value of the identity
protection services in the employees’ gross income and wages. The IRS will also
not assert that these amounts must be reported on an information return (such
as Form W-2 or Form 1099-MISC) filed with respect to such individuals.
This announcement does not apply to cash received in lieu of identity
protection services, or to identity protection services received for reasons
other than as a result of a data breach, such as identity protection services
received in connection with an employee’s compensation benefit package. This
announcement also does not apply to proceeds received under an identity theft
insurance policy; the treatment of insurance recoveries is governed by existing
law.
The Treasury Department and the IRS request comments on whether
organizations commonly provide identity protection services in situations other
than as a result of a data breach, and whether additional guidance would be
helpful in clarifying the tax treatment of the services provided in those
situations.
Comments should be submitted in writing on or before October 13, 2015 to
the following address: Internal Revenue Service CC:PA:LPD:PR (Announcement
2015-22) P.O. Box 7604 Ben Franklin Station Washington, DC 20044 Comments also
may be sent electronically to notice.comments@irscounsel.treas.gov. Please
include "Announcement 2015-22” in the subject line.
All comments will be available for public inspection. The principal
author of this announcement is Seoyeon Sharon Park of the Office of Associate
Chief Counsel (Income Tax & Accounting). For further information regarding
this announcement, contact Ms. Park at (202) 317-7006 (not a toll-free call).
No comments:
Post a Comment