There are ways to delete information securely. Even a preliminary deletion will eventually lead to the information being deleted, but you can more comprehensively take active steps to delete information, to wipe hard drives, and to insert random data over where the data used to be to make that more concrete.
I think what's really missing, though, right now is the impetus to delete information, because there is no retention requirement, as we've heard. It's easier to keep it forever and even with just the vague prospect of its utility down the road, even if it's a 0.001% chance, the impetus tends to be to retain it just because it is so cheap to do so.
One of the problems with SCISA is that the more the information gets spread around different agencies, the more we have the potential for it to be accessed by a third party one way or another. Again, a retention limitation would facilitate the security concerns as well.