On the other hand...
Maybe they are trying to give CA enough rope. Its not enough just to delete a few files. As others have mentioned, they will have backups. They will also have email logs, and finally they have quite a few employees and ex-employees, one of whom is already a whistleblower who knows where the skeletons are.
If a company does something big then information about it gets scattered everywhere. So you deleted the main database. What about the scratch copy that someone made for testing purposes? What about the email with the link to the CSV files? Are you sure you got everything?
Of course given a few weeks and plenty of manpower CA could probably get most of it, but its still going to leave any number of holes. Prof Kogan has emails assuring him that it was all legal, but where are the copies of those emails on the CA servers? If the two sides don't match, its clear evidence of the destruction of evidence.
And destroying evidence is a crime (in the UK it comes under "perverting the course of justice"). Which means that any sensible employee at this point is either going to refuse point blank to delete stuff, or at least to demand instructions in writing. If the CA bosses don't have plenty of manpower then trying to delete a few bits of stuff ad-hoc is worse than doing nothing. And of course the senior CA people won't have read/write access to every employee mailbox. Yes, they could order the sysadmin to provide it, but see above about employees.