The IRS announced today that it “will not assert that an individual whose personal information may have been compromised in a data breach must include in gross income the value of the identity protection services provided by the organization that experienced the data breach.”  Additionally, the IRS “will not assert that an employer providing identity protection services to employees whose personal information may have been compromised in a data breach of the employer’s (or employer’s agent or service provider’s) record keeping system must include the value of the identity protection services in the employees’ gross income and wages.”  The IRS “will also not assert that these amounts must be reported on an information return (such as Form W-2 or Form 1099-MISC) filed with respect to such individuals.”  This announcement does not apply to cash received in lieu of identity protection services, or to identity protection services received for reasons other than as a result of a data breach, such as identity protection services received in connection with an employee’s compensation benefit package.  This announcement also does not apply to proceeds received under an identity theft insurance policy; the treatment of insurance recoveries is governed by existing law.