Abstract: In emergency response, personal information can be used for prediction and early warning, emergency decision-making, trend study, hazard identification and control, etc. The COVID-19 outbreak response reveals the government's inadequacy in the use of personal information, and the root cause lies in the defects of the legal rules. The privacy-centered personal information protection model is inherently inadequate, and the specific rules for the use of personal information in emergency state are missing, while the government information disclosure rules can not be applied to the use of personal information in most cases. In order to establish a legal system for the government to use personal information in emergency response, we should adhere to the principle of priority-of-use, the principle of proportionality which can be moderately adjusted, and the principle of basic-rights protection. In the legislation and amendment activity after the epidemic, the administrative organization should be clearly authorized to use personal information in emergency response, the cooperation obligation of individuals and units should be stipulated, and meanwhile the administrative organization should be required to follow the principle of proportionality and meet the substantive protection of basic-rights of citizens.