The Federal Trade Commission is upping its enforcement game, moving from more general mandates to imposing more specific requirements for information security programs. The goal? To learn from previous settlements and boost its reputation as a tough enforcer.

Watch and Learn: Proposed settlements with companies such as ClixSense.com, Unixiz Inc, and D-Link Systems Inc. show what the FTC is expecting in terms of corporate data security and responsibility. Among other things, the commission is placing more weight on corporate executives’ responsibility.

Hard Lessons: The shift follows an Eleventh Circuit ruling that an FTC order against LabMD was too vague and...