CTO Maureen Govern "has decided to leave AOL effective immediately,"wrote in an e-mail to employees dated Monday.
Govern could not be reached to comment.
The researcher responsible for the and the researcher's supervisor, who reports to Govern, were fired, according a source close to the matter who asked not to be identified.
Meanwhile, John McKinley, who is president of AOL Digital Services and served as chief technology officer from 2003 to 2005, will step in as interim CTO until a permanent replacement is found, AOL said.
In a separate e-mail to AOL employees, Miller said the company would create a task force to develop new best practices on privacy and will look at how long search and other data should be saved.
The company also is considering tightening restrictions on access to databases containing search data and other sensitive member data, looking into ways to ensure that such information is not included in research databases and adopting education programs for employees on how to protect sensitive information, the e-mail shows.
"After the great lengths we've taken to build our members' trust and be an industry leader on privacy, it was disheartening to see so much good work destroyed by a single act," Miller wrote. "This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team. We are taking appropriate action with the employees who were responsible."
AOL researchers posted the data on the user Web searches to a new AOL research Web site last month. It then pulled it andshortly thereafter, but not before other sites got ahold of the data and made it searchable. AOL has been for releasing the data.
While the members were kept anonymous,that privacy advocates warned that it would be possible to trace searches back to specific searchers, which several newspapers and other organizations were able to do.
"Whatever staff changes AOL chooses to make does not reduce the need for Congress and the FTC to step in," Kevin Bankston, staff attorney for the EFF, said in a telephone interview.
"To the extent the CTO's departure does have to do with this, I hope that it indicates AOL recognizes this isn't an issue of fixing a unique incident but rather reconsidering their approach to how they handle search logs," he added.
Pam Dixon, executive director of the World Privacy Forum, said the FTC should investigate whether AOL partners and others have received sensitive user data from AOL over the years.
"I don't think firing employees is going to be a solution to the problem. It appears that these data disclosures were a symptom of a more systemic problem at AOL regarding data handling policies and practices," she said. "The 'tip of the iceberg' may well apply here; it will be up to the FTC to find this out, though."
It is unclear whether AOL's release of the user search data was illegal, but if AOL broke the law, the FTC should take action, said Ari Schwartz, deputy director of the Washington, D.C.-based Center for Democracy and Technology, which receives a small fraction of its funding from AOL.
Schwartz said he was not convinced of the need for new action by Congress--specifically,offered by Rep. Edward Markey (D-Mass.) that would restrict how long all Web site operators can "warehouse" consumer data. It would be preferable for the industry to come to an agreement on uniform, voluntary standards, he said.
The notion that search companies are retaining information about users' personal searches, which "should be routinely deleted," is a lingering concern, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
"AOL could do a real service to the online community," Rotenberg said in an e-mail interview, "if it would commit to permanently (deleting) all personal search details and challenge other search companies to do the same."