Slashdot Mirror
IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach (wordpress.com)
chicksdaddy writes: The U.S. Internal Revenue Service has announced that it will treat identity theft protection as a non-taxable, non-reportable benefit that companies can offer — even when the company in question hasn't experienced a data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as online retailers) to its customers, the blog E for ERISA reports. In short: companies can now deduct the cost of offering identity theft protection as a benefit for employees or extending it to customers, even if their data hasn't been exposed to hackers.
The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.
The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services is low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.
The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.
The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services is low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.
Somebody has to cover the cost of fraud protection when it's the IRS doing the identity theft.
That sounds like it. This is for proactive services as most companies view a breach as inevitable rather than unlikely.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
where's the deduction verification?
another free break for corps and the rich. Thanks. Anyone else notice how everytime you go through a checkout they hit you up for some charity or another? Charities are all well and good but having my donation be some company's tax dodge really pisses me off...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'd really like to know from all the "Everyone needs to pay their fair share!" people WHY THE FUCK THIS GOVERNMENT DESERVES MORE MONEY???
Seriously?
WHY do you want to give more money to the government of warrantless wiretaps?
WHY do you want to give more money to the government of the TSA?
WHY do you want to give more money to the government of the OPM data breach?
WHY do you want to give more money to the government of an out-of-control tax collector?
WHY do you want to give more money that puts tax cheats in charge of the Treasury (and tax collection)?
WHY do you want to give more money to the government that lies to you? (Pick your party - they ALL lie)
WHY?????
Because we all know the power that money buys will only be used AGAINST us.
First we're told this:
Fewer than 10%
and later, this comparison:
even lower — in the single digit percentages
Less than 10% IS single-digit percentages. Without specific percentages we can't tell how much lower one is than the other.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
One problem with the AC is a misunderstanding on how tax deductions work. It's by actual expense - not per person.
IE I'm not claiming that I 'protected' 300M Americans. I'm claiming that I spent $3M on identity protection services for my clients and employees. Which would be rather expensive if I only have 3k of them, but rather cheap if I serve all 300M Americans.
I don't read AC A human right
So companies who have shabby security practices and lax protection of customer data get rewarded with a tax break as soon as their lack of security strikes?
That's adding insult to injury. You not only get your data stolen by virtue of their incompetence, you also have to pay for it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The government that pretty much saved the world during WWII.
The government that is pretty much the only thing standing between you and actual, honest-to-god, slavery at the hands of corporations.
The government that provides food stamps so that you have at least a chance of not starving to death if you become unemployed.
The government that built all the highways, bridges and other infrastructure that allows modern commerce to happen.
The government that funded the creation of the internet which so much of modern society depends upon.
The government that provides clean water so that everyone isn't getting toxic water like Flint, MI without any alternative (and that same federal government is taking steps to fix the problem caused by the local idiots, so don't think that's a point toward your argument).
The government that prevents modern food supplies from resembling what Upton Sinclair described in The Jungle. Or maybe you want BSE infected beef in your diet and see this as a negative.
The government that enforces bans on lead in the paint used on children's toys.
The government that forced the recall of pet food tainted with melamine which was killing pets.
I could keep going. It's easier to make a list of the good things that come from our government than it is to come up with bad things. The reality is that nothing is perfect and refusing anything that isn't perfect is an impossible way to live.
If you think there's a serious problem with the government, suggest an alternative that will actually work rather than just saying "this isn't perfect, abandon it and let chaos reign!" because that's the most idiotic thing we could possibly do.
Securing data against intrusion and theft is really hard. If your data is an attractive target, you're basically putting yourself in a perpetual arms race which you can win only by continually investing a lot of money into it, and only by hiring really good people and listening to them. Some organizations don't want to spend money. Many don't want to listen to their security people when the security advice gets in the way of business goals.
But that's the easy problem.
The hard problem is securing data against your own employees. It begins with treating them so well that they have no incentive to screw you. Few companies want to do what that costs. But no matter how well you do that, you still have to defend against clever, malicious insiders who are disgruntled (in spite of treating them well). This is really hard because many of the people you're defending against actually need access to the data and/or the systems on which it resides. To secure it against them you need layered defenses, separated networks and audited access control points in all of the above -- which also requires very careful ACL management (much, much harder than it appears). Oh, and you really have to audit the accesses, which is neither easy nor cheap. Of course you also need all the typical IT security stuff; control the hardware on your networks, the software on your hardware, etc. Keeping malware out is extremely hard, but at least you can buy products which help (somewhat) with that. Most of the rest of the stuff just requires good staff and lots of resources. It's much more expensive than products.
But that's still the easy part of the hard problem. The hard part of the hard problem is securing your data against honest, well-intentioned employees. People make mistakes. People get social-engineered. Good people intentionally subvert security controls because they know they're not doing anything malicious (and they're not!) but just finding ways to be more efficient. To deal with this, you need lots of things. Start with regular employee security training, repeated fairly frequently, and carefully customized to be relevant for each group of employees. Next you also need oversight from security in all areas of your systems design and deployment, with regular audits. The goal of the security oversight is to ensure that separation of authority and prevention of leakage is built into every part of your systems, from the ground up (note that this will hugely complicate (read $$$) the integration of software you purchase to run your operations). Next, you need to regularly attack your own systems. You should have internal teams who are focused on finding ways to defeat your own security countermeasures. These teams should have full access to all system information, and a very broad permission to use whatever means will work. It's a good idea to rotate the people who design your security systems through your attack teams. Oh, and you need oversight and auditing for the attack teams. Finally, you need executive commitment to do all of the above even though it's expensive, complicated and occasionally embarrassing. Part of that commitment must include not coming down hard on people who have been found to make honest mistakes or overlook things. You must foster a culture of finding and fixing problems, rather than seeking scapegoats. That's perhaps the hardest part of all.
Now... who thinks their company is capable of doing that? In my career (some 20 years in the business, 15 of them as an expensive consultant) I've found none who could do it all, and perhaps three who could do enough of it to really give me confidence in their security posture. Two of the three were military.
BUT! There's a really simple, (technically) very easy solution. Here it is, for free: Don't store sensitive data. If you must touch it, keep it isolated and ephemeral. If you don't have to touch it, don't!
It's super easy to secure data you don't have. If you think you do have to store sensitive
It's outrageous that anyone should have to pay to prevent having false information added to their credit record. Financial institutions control what measures they use to authenticate who they give money to, so when those measures fail, financial institutions should take responsibility for their failures. Instead, financial institutions cooked-up the concept of 'identity theft' to shift responsibility for their authentication failures on to their own customers. If governments legislated consumer protection which penalized financial institutions that add false information to people's credit record (because the financial institution's measures failed to screen out an impersonator) financial institutions would clean up their act. Instead, financial institutions reap more and more profits by avoiding spending on effective authentication measures and by getting their customers to pay for the financial institutions mistakes. It's financial institutions that are in control of consumers' identities. It's not the criminals who impersonate the financial institution's customers and it's certainly not the innocent customer (whom the financial industry has convinced they are at fault because they didn't shred their garbage) that are in control of a consumer's financial "identity".
You spelled "grate" wrong.
Sleep your way to a whiter smile...date a dentist!
So why the hell isn't it tax deductible for individuals who pay for their own fraud protection?
blindly antisocialist = antisocial
Returning to a simpler less federalistic system as the founders had and intended, need not be chaotic as you suggest. What becomes chaotic is trying to obey the volumes and volumes of laws passed on a daily basis. That is true chaos. You are erecting a straw man, in that most people who want more limited government are not in favor of no government, nor do they want chaos.
Where do you, and/or others that feel that way, draw the line? Do you all agree where that line should be drawn?
That is the boon to those services. The whole point of asking Congress to subsidize a particular industry's customers, is to increase the number of customers.
If widget purchases are tax-deductible, then people will buy more widgets (and fewer gadgets). What's weird is that we still think of income tax as being merely a tax on income, rather than a system for encouraging certain spending and discouraging others. What I want to see, is Hollywood making entertainment tax-deductible. I can't believe they haven't bought that one yet.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
1) We make it VERY hard to change social security numbers, which would deal with a lot of the issues.
2) They refuse to offer effective, optional enhanced security methods as well.
What they should do is offer a free "Secure Replacement Number", SRN, to anyone that is the victim of ID theft. Charge $50 to do it, get a picture (updated yearly), thumb print, and signature on the SRN card. Have the SRN card always start with the letter R, so your new SRN would be something along the lines of "R23-87-1234"
Make it illegal for any business or government to require/forbid the use of an SRN, or even to offer price changes for it's use. Have an online database that lets people enter the SRN and see a picture of the
This lets people that want to get extra security do so, does not affect the existing SSN limitations, and in general makes ID theft much harder.
The only real problem is dealing with all the existing code that expects SSN to have digits only.
excitingthingstodo.blogspot.com