A security gateway receives messages transmitted between a server and a client device on a network and parses the messages into a plurality of data objects, such as strings and name-value pairs. The data objects may represent user personal identification information, such as user name, social security number, credit card number, patient code, driver's license number, and other personal identification information. The security gateway uses rules to recognize data objects and validate the data objects to determine whether the recognized data objects are appropriately included within the context. The security gateway may also perform an action on the data objects. Data objects that are not appropriately included in the context may be transformed, suppressed or disallowed.