Microsoft announced @ the 8th annual MS US Public Sector CIO Summit some important enhancements and certifications that raises the  security and privacy for BPOS. Below a summary of the changes announced:

• BPOS meets a wide variety of industry standards and certifications, including International Organization for Standardization (ISO) 27001, Statement on Auditing Standards (SAS) 70 Type I and Type II, Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Title 21 CFR Part 11 of the Code of Federal Regulations, Federal Information Processing Standard (FIPS) 140-2, and Trusted Internet Connections (TIC) compliance. Today, more than 500 state and local governments use Microsoft Online Services in the United States, including 48 of 50 states. These range from the largest entities with tens of thousands of seats to the smallest of municipalities.
• BPOS Federal is launching today for U.S. federal government agencies, related government contractors and others that require the highest levels of security features and protocols. The new offering includes all the certifications and security features of the Business Productivity Online Suite and more. The service is housed on separate, dedicated infrastructure in secured facilities. Physical access to those systems is limited by biometric access controls to a small number of individuals who, in compliance with International Traffic in Arms Regulations (ITAR), must be citizens of the United States who have undergone rigorous background checks, including fingerprinting.

The above was announced by Ron Markezich, corporate vice president of Microsoft Online. More information and a video can be found here.