Slashdot Mirror
IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach (wordpress.com)
chicksdaddy writes: The U.S. Internal Revenue Service has announced that it will treat identity theft protection as a non-taxable, non-reportable benefit that companies can offer — even when the company in question hasn't experienced a data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as online retailers) to its customers, the blog E for ERISA reports. In short: companies can now deduct the cost of offering identity theft protection as a benefit for employees or extending it to customers, even if their data hasn't been exposed to hackers.
The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.
The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services is low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.
The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.
The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services is low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.
As long as a company can only take the tax deduction for each person that actually uses an identity protection service in their name, I'm ok with this. Otherwise what is to stop Company A, B, C, etc, from all claiming that they should get a tax deduction for all 300+ million Americans?
Trump will make america great
Too late. I already had mine stolen. #forealz
Trump for president. This year he will make it!
> worse than evolutionists
Huh. Most Christians would prefer a Muslim to an atheist as President. Yey us atheists making progress!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Trump's wall will have big door to let foreign money in, legally. It will be a big wall. Big and beautiful.
Somebody has to cover the cost of fraud protection when it's the IRS doing the identity theft.
where's the deduction verification?
another free break for corps and the rich. Thanks. Anyone else notice how everytime you go through a checkout they hit you up for some charity or another? Charities are all well and good but having my donation be some company's tax dodge really pisses me off...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'd really like to know from all the "Everyone needs to pay their fair share!" people WHY THE FUCK THIS GOVERNMENT DESERVES MORE MONEY???
Seriously?
WHY do you want to give more money to the government of warrantless wiretaps?
WHY do you want to give more money to the government of the TSA?
WHY do you want to give more money to the government of the OPM data breach?
WHY do you want to give more money to the government of an out-of-control tax collector?
WHY do you want to give more money that puts tax cheats in charge of the Treasury (and tax collection)?
WHY do you want to give more money to the government that lies to you? (Pick your party - they ALL lie)
WHY?????
Because we all know the power that money buys will only be used AGAINST us.
LOL... I do so love that rhetoric... Trump is playing to the masses who long for the anti-establishment candidate, strangely it seems to be working. Now why might that be? Hum....
First we're told this:
Fewer than 10%
and later, this comparison:
even lower — in the single digit percentages
Less than 10% IS single-digit percentages. Without specific percentages we can't tell how much lower one is than the other.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
So companies who have shabby security practices and lax protection of customer data get rewarded with a tax break as soon as their lack of security strikes?
That's adding insult to injury. You not only get your data stolen by virtue of their incompetence, you also have to pay for it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I was one of those people who had their identity stolen from the IRS (and the OPM, so I very nearly hit the trifecta). I got letters from both of them discussing my year of free credit protection service. I called the number provided, and was asked to provide pretty much every personal detail so they could "start my protection" which I refused. Is the whole thing a scam? Maybe. Even if not, why would I spread around my personal information to yet another source that could be breached in the future? My present plan is to live a cash rich/credit poor existence, and tell any credit company who claims that I owe them money because of some charge I did not make, to go pound sand.
The government that pretty much saved the world during WWII.
The government that is pretty much the only thing standing between you and actual, honest-to-god, slavery at the hands of corporations.
The government that provides food stamps so that you have at least a chance of not starving to death if you become unemployed.
The government that built all the highways, bridges and other infrastructure that allows modern commerce to happen.
The government that funded the creation of the internet which so much of modern society depends upon.
The government that provides clean water so that everyone isn't getting toxic water like Flint, MI without any alternative (and that same federal government is taking steps to fix the problem caused by the local idiots, so don't think that's a point toward your argument).
The government that prevents modern food supplies from resembling what Upton Sinclair described in The Jungle. Or maybe you want BSE infected beef in your diet and see this as a negative.
The government that enforces bans on lead in the paint used on children's toys.
The government that forced the recall of pet food tainted with melamine which was killing pets.
I could keep going. It's easier to make a list of the good things that come from our government than it is to come up with bad things. The reality is that nothing is perfect and refusing anything that isn't perfect is an impossible way to live.
If you think there's a serious problem with the government, suggest an alternative that will actually work rather than just saying "this isn't perfect, abandon it and let chaos reign!" because that's the most idiotic thing we could possibly do.
Good, get your fat ass off the sofa and mail them a check so the rest of us dont have to.
Securing data against intrusion and theft is really hard. If your data is an attractive target, you're basically putting yourself in a perpetual arms race which you can win only by continually investing a lot of money into it, and only by hiring really good people and listening to them. Some organizations don't want to spend money. Many don't want to listen to their security people when the security advice gets in the way of business goals.
But that's the easy problem.
The hard problem is securing data against your own employees. It begins with treating them so well that they have no incentive to screw you. Few companies want to do what that costs. But no matter how well you do that, you still have to defend against clever, malicious insiders who are disgruntled (in spite of treating them well). This is really hard because many of the people you're defending against actually need access to the data and/or the systems on which it resides. To secure it against them you need layered defenses, separated networks and audited access control points in all of the above -- which also requires very careful ACL management (much, much harder than it appears). Oh, and you really have to audit the accesses, which is neither easy nor cheap. Of course you also need all the typical IT security stuff; control the hardware on your networks, the software on your hardware, etc. Keeping malware out is extremely hard, but at least you can buy products which help (somewhat) with that. Most of the rest of the stuff just requires good staff and lots of resources. It's much more expensive than products.
But that's still the easy part of the hard problem. The hard part of the hard problem is securing your data against honest, well-intentioned employees. People make mistakes. People get social-engineered. Good people intentionally subvert security controls because they know they're not doing anything malicious (and they're not!) but just finding ways to be more efficient. To deal with this, you need lots of things. Start with regular employee security training, repeated fairly frequently, and carefully customized to be relevant for each group of employees. Next you also need oversight from security in all areas of your systems design and deployment, with regular audits. The goal of the security oversight is to ensure that separation of authority and prevention of leakage is built into every part of your systems, from the ground up (note that this will hugely complicate (read $$$) the integration of software you purchase to run your operations). Next, you need to regularly attack your own systems. You should have internal teams who are focused on finding ways to defeat your own security countermeasures. These teams should have full access to all system information, and a very broad permission to use whatever means will work. It's a good idea to rotate the people who design your security systems through your attack teams. Oh, and you need oversight and auditing for the attack teams. Finally, you need executive commitment to do all of the above even though it's expensive, complicated and occasionally embarrassing. Part of that commitment must include not coming down hard on people who have been found to make honest mistakes or overlook things. You must foster a culture of finding and fixing problems, rather than seeking scapegoats. That's perhaps the hardest part of all.
Now... who thinks their company is capable of doing that? In my career (some 20 years in the business, 15 of them as an expensive consultant) I've found none who could do it all, and perhaps three who could do enough of it to really give me confidence in their security posture. Two of the three were military.
BUT! There's a really simple, (technically) very easy solution. Here it is, for free: Don't store sensitive data. If you must touch it, keep it isolated and ephemeral. If you don't have to touch it, don't!
It's super easy to secure data you don't have. If you think you do have to store sensitive
The government that pretty much saved the world during WWII.
American citizen soldiers did this.
The government that is pretty much the only thing standing between you and actual, honest-to-god, slavery at the hands of corporations.
I can take care of myself thanks. Wal-mart does not make me consume its products or services at the barrel of a gun, the government does.
The government that provides food stamps so that you have at least a chance of not starving to death if you become unemployed.
Unemployment insurance is already provided and you pay for it, so you don't need foodstamps just because you lose your job. Also, if you lose your job, you should have been SAVING, not blowing every dime you make, unless you are the government, in which case you do blow everything you take.
The government that built all the highways, bridges and other infrastructure that allows modern commerce to happen.
Our dollars paid private companies, usually, to build these things.
The government that funded the creation of the internet which so much of modern society depends upon.
The internet never took off until the government turned it loose. Yes I realize what its origins are, and I am NOT saying all government action is inherently bad.
The government that provides clean water so that everyone isn't getting toxic water like Flint, MI without any alternative (and that same federal government is taking steps to fix the problem caused by the local idiots, so don't think that's a point toward your argument).
Clean water can come from many places. Not all water sources are from the government, or have to be.
The government that prevents modern food supplies from resembling what Upton Sinclair described in The Jungle. Or maybe you want BSE infected beef in your diet and see this as a negative.
Oh the same goverment that permitted "pink slime" until people found out? Upton Sinclair was NOT a government agent, where was the government before this?
The government that enforces bans on lead in the paint used on children's toys.
Hey that's a good thing. we agree.
The government that forced the recall of pet food tainted with melamine which was killing pets.
Again, not all governmental actions are bad.
I could keep going. It's easier to make a list of the good things that come from our government than it is to come up with bad things.
For you maybe, but for many, the reverse is true.
The reality is that nothing is perfect and refusing anything that isn't perfect is an impossible way to live.
If you think there's a serious problem with the government, suggest an alternative that will actually work rather than just saying "this isn't perfect, abandon it and let chaos reign!" because that's the most idiotic thing we could possibly do.
Returning to a simpler less federalistic system as the founders had and intended, need not be chaotic as you suggest. What becomes chaotic is trying to obey the volumes and volumes of laws passed on a daily basis. That is true chaos. You are erecting a straw man, in that most people who want more limited government
are not in favor of no government, nor do they want chaos.
It's outrageous that anyone should have to pay to prevent having false information added to their credit record. Financial institutions control what measures they use to authenticate who they give money to, so when those measures fail, financial institutions should take responsibility for their failures. Instead, financial institutions cooked-up the concept of 'identity theft' to shift responsibility for their authentication failures on to their own customers. If governments legislated consumer protection which penalized financial institutions that add false information to people's credit record (because the financial institution's measures failed to screen out an impersonator) financial institutions would clean up their act. Instead, financial institutions reap more and more profits by avoiding spending on effective authentication measures and by getting their customers to pay for the financial institutions mistakes. It's financial institutions that are in control of consumers' identities. It's not the criminals who impersonate the financial institution's customers and it's certainly not the innocent customer (whom the financial industry has convinced they are at fault because they didn't shred their garbage) that are in control of a consumer's financial "identity".
You spelled "grate" wrong.
Sleep your way to a whiter smile...date a dentist!
And remember the time he pulled his fleshmask off and revealed he's a demon from the 4th pit of hell, sent to spread the dark lord satan's influence far and wide using the power of jew dominated media and demonic chinese manufacturing power?
I still wonder how he got elected with his headscarf, cloven hooves, and constant need to murder and devour babies.
Why are there services like this in the first place? As a consumer, why should I have to buy an Identity Theft Protection service at all, unless freely offered?
If my identity gets stolen and I suffer a financial loss due to this, the company accountable for the data breach should be fully responsible to cover the cost of this, by default. Are you telling me they don't and this gets dumped onto consumers?
Maybe I just don't understand capitalist America...
So why the hell isn't it tax deductible for individuals who pay for their own fraud protection?
blindly antisocialist = antisocial
And remember the time he pulled his fleshmask off and revealed he's a demon from the 4th pit of hell, sent to spread the dark lord satan's influence far and wide using the power of jew dominated media and demonic chinese manufacturing power?
I still wonder how he got elected with his headscarf, cloven hooves, and constant need to murder and devour babies.
What do you think those gigantic ears are for? Fleshmask handles.
Of course that's not as interesting of a theory as that they are handles for Michelle to grab when he sucks her dick.
Returning to a simpler less federalistic system as the founders had and intended, need not be chaotic as you suggest. What becomes chaotic is trying to obey the volumes and volumes of laws passed on a daily basis. That is true chaos. You are erecting a straw man, in that most people who want more limited government are not in favor of no government, nor do they want chaos.
Where do you, and/or others that feel that way, draw the line? Do you all agree where that line should be drawn?
This is so much the risk can be mitigated without ADMITTING to a breach.
That is the boon to those services. The whole point of asking Congress to subsidize a particular industry's customers, is to increase the number of customers.
If widget purchases are tax-deductible, then people will buy more widgets (and fewer gadgets). What's weird is that we still think of income tax as being merely a tax on income, rather than a system for encouraging certain spending and discouraging others. What I want to see, is Hollywood making entertainment tax-deductible. I can't believe they haven't bought that one yet.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
1) We make it VERY hard to change social security numbers, which would deal with a lot of the issues.
2) They refuse to offer effective, optional enhanced security methods as well.
What they should do is offer a free "Secure Replacement Number", SRN, to anyone that is the victim of ID theft. Charge $50 to do it, get a picture (updated yearly), thumb print, and signature on the SRN card. Have the SRN card always start with the letter R, so your new SRN would be something along the lines of "R23-87-1234"
Make it illegal for any business or government to require/forbid the use of an SRN, or even to offer price changes for it's use. Have an online database that lets people enter the SRN and see a picture of the
This lets people that want to get extra security do so, does not affect the existing SSN limitations, and in general makes ID theft much harder.
The only real problem is dealing with all the existing code that expects SSN to have digits only.
excitingthingstodo.blogspot.com
Why won't anyone consider giving our identities a pin number that can be changed. Our ID is our password right now. When will this insanity end!