Ms. Govern managed the division responsible for exposing about 19 million search requests executed by more than half a million AOL subscribers over a three-month period this year. The blunder, first disclosed earlier this month, has put pressure on AOL and its rival search engines to reassure consumers of their privacy online.
Ms. Govern is being replaced on an interim basis by John McKinley, AOL's president of digital services, according to a memo AOL CEO Jonathan Miller sent to employees yesterday. Mr. McKinley served as AOL's chief technology officer prior to Ms. Govern.
"After the great lengths we've taken to build our members' trust and be an industry leader on privacy, it was disheartening to see so much good work destroyed by a single act," Mr. Miller said in the memo to employees.
Implications for Google
It is apparent, however, that AOL's self-described "screw up" has implications for the entire industry. Google is particularly vulnerable because its fortunes are so closely tied with search, not to mention the fact that it owns a 5% stake in AOL. AOL also depends on Google's algorithms for its search results.
Despite those concerns, Google CEO Eric Schmidt told members of the press earlier this month that Google would not store user search data. Google, like other engines, keeps user queries ostensibly to refine its understanding of search behavior and intent.
Some privacy advocates are calling for the U.S. Federal Trade Commission to review AOL's search data retention practices, while others in the industry would rather the government stay out it.
"We would prefer the industry to come up with some standards on its own," said Ari Schwartz deputy director of the Center for Democracy and Technology.
Mr. Schwartz added that security breaches like AOL's could have a lasting negative impact on the search business. "People are either going to create new ways to protect their privacy or just stop using the technology."
AOL does substitute numeric IDs for its subscribers' real user names when collecting query data, but the company acknowledged that queries by themselves can hold personally identifiable data. It's common, for example, for people to query their own names during one search session, and then later on query highly sensitive interests using the same account.