IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach

chicksdaddy writes: The U.S. Internal Revenue Service has announced that it will treat identity theft protection as a non-taxable, non-reportable benefit that companies can offer — even when the company in question hasn't experienced a data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as online retailers) to its customers, the blog E for ERISA reports. In short: companies can now deduct the cost of offering identity theft protection as a benefit for employees or extending it to customers, even if their data hasn't been exposed to hackers.

The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.

The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services is low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.

Oh joy

[rsilvergun]

another free break for corps and the rich. Thanks. Anyone else notice how everytime you go through a checkout they hit you up for some charity or another? Charities are all well and good but having my donation be some company's tax dodge really pisses me off...

Why should you pay for a bank's failings?

[memzilla]

It's outrageous that anyone should have to pay to prevent having false information added to their credit record. Financial institutions control what measures they use to authenticate who they give money to, so when those measures fail, financial institutions should take responsibility for their failures. Instead, financial institutions cooked-up the concept of 'identity theft' to shift responsibility for their authentication failures on to their own customers. If governments legislated consumer protection which penalized financial institutions that add false information to people's credit record (because the financial institution's measures failed to screen out an impersonator) financial institutions would clean up their act. Instead, financial institutions reap more and more profits by avoiding spending on effective authentication measures and by getting their customers to pay for the financial institutions mistakes. It's financial institutions that are in control of consumers' identities. It's not the criminals who impersonate the financial institution's customers and it's certainly not the innocent customer (whom the financial industry has convinced they are at fault because they didn't shred their garbage) that are in control of a consumer's financial "identity".