Well, in really the first blow against the University of East Anglia in the "climate-gate" scandal, something called the Information Commissioner's Office (www.ico.gov.uk) has apparently found that the university did not handle Freedom Of Information Act requests properly [LINK1 LINK2]. I should mention that LINK1 is pretty slanted in their coverage, and not very clear about what is going on, while LINK2 is mostly concerned with the FOI stuff and not so much in this particular case. I can not find anything on the ICO website, nor on the UEA site to corroborate the news reports. In any case, there will be no prosecutions because of the time between the violation and the complaint. The previous CRU statements say they did handle the requests appropriately, so this finding should elicit some response, I'd think.
As a reminder, the requests for information started flooding the CRU scientists when climate change denier websites started provoking their readers to use the FOI to get the CRU temperature data. The product that the CRU produces is a melding of temperature observations from many stations around the world, using (somewhat) sophisticated mathematical tools to blend the records and make a reasonable estimate of global temperature. As far as I can tell, the FOI requests seek the raw data that CRU uses as input for their processing. As has been covered by numerous blogs and news sites, most of this data is publicly available from the sources institutions. The CRU does not "make" this data, and does not "own" this data, so it would really be the wrong place to request that data; it isn't their job to provide someone else's raw data to the general public. (That requires resources that the CRU doesn't have.) Some of the data is obtained by special agreements with the source institutions, such as national weather services, and the CRU is not allowed to reproduce or disseminate that data. This has been made pretty clear, both to the denier/skeptic community as well as the scientific community. I do not understand why some people continue to declare that the CRU has been hiding data.
There are some of those stolen emails that seem pretty damning, though. Based on what I have seen (and I have intentionally avoided reading the stolen emails), I am not surprised that the ICO would find some faults with the handling of some FOI requests. That said, however, I think there is a reasonable counter-argument, and that is that the CRU was flooded with inappropriate FOI requests and did not have resources to handle all of them. I don't know what the law is in the UK, but I would think that it would be easy to show that most of these requests were unreasonable and would have been denied anyway. This doesn't excuse the CRU, they should have done better, but I'm convinced that these requests were not in good faith, and they were motivated by a desire to bury the CRU scientists in bureaucratic paperwork and distract them from their jobs.
One final side note. Are these stolen emails even admissible evidence? They are stolen property. Would their authenticity have to be verified independently? My hunch is that if the CRU/UEA denied that these emails were authentic, they could avoid some of this difficulty. However, I also guess that the CRU has implicitly stated that the emails are real, and maybe that makes them legitimate evidence. This seems like a thorny issue, and it'd be interesting to hear someone who knows about these issues discuss the case.