Personal privacy versus public safety is a rights trade-off that has been brought into sharp focus by the COVID-19 pandemic, with flow-on implications for the success of contract tracing regimes implemented across Australia. These contact tracing regimes depend upon the supply of accurate information by individuals, which in turn depends upon the trust that is placed in health authorities and other government officials to handle personal information with care. A range of different laws govern the collection and use of personal information by health authorities at the federal level and in each Australian state or territory. Understanding these rules might help us to work out ways to ensure that everyone in our community feels like they can tell the truth when it matters most. Using a case study from South Australia, this article reviews existing legislative, regulatory and policy frameworks that currently apply to the collection and use of personal information in health care and highlights the tension between creating incentives to share personal information and policing compliance with COVID-19 laws and ensuring robust legal protection for sensitive personal information. Relevant lessons from the South Australian experience are then extrapolated for consideration by other Australian jurisdictions, with a view to identifying what safeguards and protections could be included in current legal frameworks governing the use, sharing and disclosure of personal information in health care settings to help resolve the current tension between protecting individual privacy and promoting public health. Refereed/Peer-reviewed