The simplest way of addressing this is to remind users that it is the institution's responsibility to comply with the JANET Acceptable Use Policy (http://www.ja.net/company/policies/janet-aup.html). It states:
"... Compliance.
It is the responsibility of the User Organisation to take all reasonable steps to ensure compliance with the conditions set out in this Policy document, and to ensure that unacceptable use of JANET does not occur...."
One of these conditions is that JANET may not be used for -
" ... 9.1. the creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material..."
Internet filtering can be a sensitive topic and many institutions place reliance on systems which only come into effect when patterns of activity display suspiciously illegal usage - a sort of hands off approach. However, the guidance on "Legal Risks and Liabilities for IT Services in Further and Higher Education" on the JISC Legal website at - http://www.jisclegal.ac.uk/publications/legalRisks.htm deals with filtering to some extent
" ...Protection from Inappropriate Content/Harassment. Institutions have a duty to ensure the safety of their students and to protect them from any reasonably foreseeable harm. Liability could potentially arise for psychiatric conditions caused by repeated exposure to obscene or offensive material when using the institution's IT facilities.... "
You may also wish to refer to guidance (aimed at schools) on the BECTA website regarding filtering -
" ... Levels of filtering. Different groups of user may require different levels of filtering. Schools may wish to provide younger users with more restricted access whilst allowing greater privileges to older users. Similarly, schools may require the filtering system to distinguish between different client machines on the network.
In summary, clearly a balance has to be achieved between restricting what material users are able to access online and the prevention of injury to users or of harm to the computer systems themselves. How this is achieved is really a risk assessment exercise. Constant reminders to users of their individual responsibility for illegal or inappropriate activity is part of what is required for an institution to fulfil its diligence obligations in this regard.