So AOL has basically said, "we're sorry." Here is a quote from the CNET article:
"This was a screw-up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant," AOL, a unit of Time Warner, said in a statement. "Although there was no personally identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again."
I have to say, I give AOL credit for just taking responsibility and admitting that this was a mistake. That is the best thing to do when trying to manage a crisis - "don't." I remember back in circa 1992, there was a problem with Intel's CPU and they just kept trying to make excuses. The whole situation blew up in their face.
Jason Calcanis, who runs Netscape for AOL, has suggested that AOL not maintain any search logs. I'm all for privacy, but maintaining this type of data also helps improve search and make it more useful. The best way to ensure absolute privacy, unfortunately, is to not maintain any information. It would be a shame, because it limits the ability to conduct research and innovate. Perhaps a middle ground would be for a group of companies to create a library of search data and scrub it for any user names, SSNs, etc., and make that available for any University or company looking to conduct search research.
This is not much different than how large text and speech libraries are handled for research.