Amid recent revelations that the NSA has been secretly spying on phone records and the Internet activity of people in the United States, transparency reports filed by the California utilities companies and obtained by the ACLU of California show that a significant amount of data about the energy use of Californians could be ending up in the hands of the government too. In 2012, a single California utility company, San Diego Gas & Electric, disclosed the smart meter energy records of over 4,000 of its customers pursuant to legal demands – and it’s unclear whether this information was turned over in a private lawsuit, to local law enforcement, or even to the federal government.

Smart meters, the modern energy measurement devices now installed on most California homes, can collect up to 3,000 data points a month about energy usage, potentially exposing details about your private life including whether you are home or away, your sleep and work habits, and maybe even if you need to take hot baths or use specialized medical equipment. It’s like someone being inside your house taking notes on the intimate details of your day-to-day life.

The sensitive nature of these energy records prompted California lawmakers to call for privacy safeguards in 2010, and in 2011 the California Public Utilities Commission adopted privacy rules. The CPUC rules prohibit utility companies from sharing smart meter energy usage information with third parties without consumer consent unless the disclosure is pursuant to legal process. The rules require each utility to issue an annual transparency report describing the number of legal demands received for usage information and the number of customers whose records were actually disclosed.

The California energy utilities filed their first transparency reports in April 2013 and the results reveal some very interesting and potentially concerning information about demands for energy data in 2012. While Southern California Edison Company (SCE) disclosed records for 1 customer, and Pacific Gas & Electric (PG&E) disclosed records on 86, San Diego Gas & Electric (SDG&E) disclosedthe records of 4,062 customers. SDG&E’s report also does not disclose how many demands it received, as the rules require. SDG&E serves 3.4 million people and—as we have learned in the NSA spying revelations—a single legal request can potentially result in the disclosure of millions of customers’ records. Finally, none of the reports reveal whether the federal government, local law enforcement, or private litigants demanded or received the records.

These annual smart meter reports provide welcome transparency into the number of entities using legal process to obtain Californians’ energy usage information. But the reports also raise further questions about why some of the disclosure numbers are so high, who is requesting and receiving energy data, and the form of legal process behind the requests. The CPUC has authority under the privacy rules to ask for additional information, and it should do so. And all of the California utilities should be forthcoming about just how many demands they are receiving for customer information, how many customer records are implicated, and the nature of these demands. Energy usage information includes details about the private lives of Californians—when a utility discloses these records, customers should know what is happening and why.