In the spirit of helping pass along good information for your O365 efforts, I thought the following was a good articulation of the sensitive issue of your data being stored in O365.
“In our last few From Inside the Cloud posts, we offered an insider’s perspective from lead engineers Perry Clarke, Vivek Sharma and Shawn Veney on how we protect your data at rest, who has access to your data within Office 365, and how Office 365 does continuous compliance. They explained the various mitigations that we have in place for data security, access control, and ensuring that customers have the ability to comply with regulations or their own organizational policies. These posts followed an overview on why trust Office 365 with Rajesh Jha, the head of Office 365 engineering, who emphasized how we ensure that you retain full ownership of your data in the Office 365 service. Today I want to take that aspect of the discussion a step or two further by exploring how this translates to the value that we are engineering into Office 365.” (http://bit.ly/1DjDOoe)
I hope this is helpful,