Each contractual party must be a "competent person" having legal capacity. The parties may be natural persons ("individuals") or juristic persons (" corporations "). An agreement is formed when an "offer" is accepted. The parties must have an intention to be legally bound ; and to be valid, the agreement must have both proper "form" and a lawful object. In England (and in jurisdictions using English contract principles), the parties must also exchange " consideration " to create a "mutuality of obligation," as in Simpkins v Pays . 
Afterthought: My organization, recently turned 20 years old. When it started, we didn’t believe things could get this bad, but it wasn’t too soon after that it became apparent. I issued dire warnings about botnets in 2001 to the DHS, I made public pronouncements to these ends in 2005 (greeted by rolled eyes from an RCMP staff sergeant). I may have been a little too prescient for my own good at the time, but can anyone really say, in this day and age, that lives are at stake, and we are counting on those responsible for data safety to at least do the bare minimum? I await your comments, below.